Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Intrushield vs. ISS once more...

from [Murtland, Jerry] Network Security [Permanent Link]
Subject: RE: Intrushield vs. ISS once more...
Date: Mon, 20 Dec 2004 15:20:17 -0500 
Personally, I reviewed ISS along with Cisco's IDS, NetScreen's and a few
other's.  Last week I decided on NetScreen because of it's ease of use (just
like a firewall), and it's compatibility with key software like
Ethereal/TCPDump.  The amount of information it gives you isn't bad although
like ISS and a few others, you will get the occasional alert that really
just doesn't give you enough to go on, so you have to count on other things
like netscout or a packet sniffing package to do some analysis.

I thought ISS was great also, but I also thought that there were too many
steps to get things done.  The interface was a little convoluted and you
were entirely dependant on ISS's X-Force team to write your new signatures.
With NetScreen's Snort engine, I can write my own signatures.  Not to
mention, since they were just bought by Juniper, I'm sure their funding for
new development will surge.  Not trying to sell you on anything, just
offering my own opinion on what I experienced.

I'm not sold on anyone's technology as far as IPS goes, but I would look for
the ability to granularly step into that technology when I decided to block
specific traffic patterns in the future.

Jerry J. Murtland, CISSP



-----Original Message-----
From: Jacob Winston [mailto:jctx09@yahoo.com]
Sent: Friday, December 17, 2004 8:49 PM
To: focus-ids@securityfocus.com
Subject: Intrushield vs. ISS once more...




I have been evaluating Intrushield and ISS but am still unsure on which
route to take. Does anyone have compelling info on why Intrushield is better
or vice-versa? Any help is appreciated.



Thank you in advance.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Local Mirror Prevention with IDS, Michal Melewski
Next by Date:  RE: help needed ..., Beauford, Jason
Previous by Thread:  Re: Intrushield vs. ISS once more..., Chris Mills
Next by Thread:  RE: Intrushield vs. ISS once more..., Brito, Nelson (ISS Brazil)
Indexes:  [Date] [Thread] [Top] [All Lists]