
| Subject: | RE: IDS ISS |
|---|---|
| Date: | Wed, 25 May 2005 08:47:03 +0100 |
Wholeheartedly agree....

Have had several years experience with ISS. Snort has been solid here for over two years, updates to the current release have been performed since 1.8.7 which have been smooth, reliable and very flexible. Upgraded from ACID to BASE and now setting up SGUIL again with no difficulties. Sourcefire is doing some very interesting and innovative work with Snort as its detection engine.

If you plan on pursuing ISS look very, very, carefully at the setup, restrictions, i.e. what parts can be loaded onto a single box and what order they need to be installed and upgraded, architecture requirements, and how much work it will be to keep it running.

Have set up Snort on every platform that it is distributed for, in every combination, i.e. web, db, on the sensor or on another box, and have not had any issues. You need to consider performance and the amount of traffic for various configurations.

-----Original Message-----
From: Joel Esler [mailto:eslerj@gmail.com]
Sent: 20 May 2005 12:58
To: THolman@toplayer.com
Cc: anatole.berteau@turbomeca.fr; focus-ids@securityfocus.com
Subject: Re: IDS ISS

I concur. I would always go with Snort over ISS any day. I've tested and run both at the same time on the same network, and Snort not only outperforms, but it would be much easier to look at the data and configure the IDS. (Or IPS.. Look into Snort-inline)

Joel Esler

On May 19, 2005, at 8:11 PM, THolman@toplayer.com wrote:

Hi Anatole,

What was wrong with Snort? There are plenty of implementations possible and it is highly tunable, plus you get to see the signatures. If it's performance you're worried about, consider running on a platform such as SourceFire.

Is it purely a detection-based solution you're looking for, or do you have the means to prevent intrusions inline already?

Regards,
Tim

-----Original Message-----
From: Berteau Anatole [mailto:anatole.berteau@turbomeca.fr]
Sent: 17 May 2005 17:03
To: focus-ids@securityfocus.com
Subject: IDS ISS

Hello,

I'm testing IDS solution. After Snort, I'm beginning to work with ISS. What's the minimum architecture to use ISS? Is it possible to use only a network sensor? If this solution is available, what's the solution to consult alerts?

Thanks
Anatole
NOTICE: This e-mail is intended for the named recipient(s). It may contain privileged and/or confidential information. If you are not one of the intended recipients, please notify the sender immediately and destroy this e-mail and attachment(s): you must not copy, distribute, retain or take any action in reliance upon the email or attachment(s). While all reasonable efforts are made to safeguard inbound and outbound e-mails, OAG Worldwide Ltd and its affiliate companies cannot guarantee that attachments are virus-free or are compatible with your systems, and does not accept liability in respect of viruses or computer problems experienced. Thank you.