Anatole,
For network IPS/IDS only you could use the G400 product. It has an
HTTPS-based LMI (local management interface) where you can configure the
device as well as view the events. However, if you are interested in a
multi-function device (IDS/IPS, firewall, VPN, A/V, content filtering,
etc.) the M10 might be a good choice. The M10 also has an HTTPS-based
LMI. Both devices also allow you to forward event details over e-mail,
trigger SNMP traps, etc. Without more details, it is hard to know
exactly what to recommend.
If you are doing this in preparation for a purchase decision, I
recommend you contact ISS sales. They can provide better support than
you will be able to get over a mailing list. If you are planning on
publishing your results, you might try to contact the ISS marketing
group for support for similar reasons.
(I work for ISS)
Paul
-----Original Message-----
From: Berteau Anatole [mailto:anatole.berteau@turbomeca.fr]
Sent: Tuesday, May 17, 2005 12:03 PM
To: focus-ids@securityfocus.com
Subject: IDS ISS
Hello,
I'm testing IDS solution. After Snort, i'm beginning to work with ISS.
What's the minimum architecture to use ISS? Is it possible to use only a
network sensor? If this solution is available, what's the solution to
consult alerts?
Thanks
Anatole
------------------------------------------------------------------------
--
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
