Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IDS vs. IPS deployment feedback

from [Gary Halleen (ghalleen)] Network Security [Permanent Link]
Subject: RE: IDS vs. IPS deployment feedback
Date: Tue, 11 Apr 2006 17:22:54 -0700 
With the exception of a select few, all Cisco IPS signatures are open,
and can be cloned, edited, added-to, or edited.  Signatures are stored
in an xml format inside the .pkg file which is applied to a Cisco IPS
sensor.  

Gary




-----Original Message-----
From: Richard Bejtlich [mailto:taosecurity@gmail.com] 
Sent: Monday, April 10, 2006 1:31 PM
To: Andrew Plato
Cc: focus-ids@securityfocus.com
Subject: Re: IDS vs. IPS deployment feedback

On 4/10/06, Andrew Plato <andrew.plato@anitian.com> wrote:

Yes...SOURCEFIRE customers get those signatures early. They get handed



out to the Snort world well after the fact. SourceFire is a commercial



company and you must PAY to get their product.

In other words - Sourcefire is no different than TP, ISS or any other 
commercial vendor in this regard. As such, we're all just selling what



we know.


Andrew,

You call five days "well after the fact"?  Snort rules are free for
registered users, by the way.

Here's another difference between ISS and Snort -- I can read Snort
rules, even those developed by Sourcefire.  Can you point me to the
place where I can download and review ISS rules, even assuming I am a
registered owner?  Cisco?  Other?

One of the ways to build trust in a product is to see how it works.  I
trust Snort more than similar products because I can understand its
decision-making process.

Richard

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS vs. IPS deployment feedback, Mike Barkett
Next by Date:  Re: IDS vs. IPS deployment feedback, Eric Hines
Previous by Thread:  RE: IDS vs. IPS deployment feedback, Cojocea, Mike (IST)
Next by Thread:  Re: IDS vs. IPS deployment feedback, Randal T. Rioux
Indexes:  [Date] [Thread] [Top] [All Lists]