Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Juniper and ISS Protocol Anomaly Detection Evaluation

from [Reynolds, Wayne] Network Security [Permanent Link]
Subject: RE: Juniper and ISS Protocol Anomaly Detection Evaluation
Date: Mon, 15 May 2006 12:01:19 -0400 
Mike,

We have already compared these two solutions in depth and ended up
choosing Juniper.

We already use NetScreens as our firewall solution and Juniper will be
offering an IDP module for the NetScreens very shortly which will
incorporate the IDP management within their pre-existing NSM console
package.

Personally, I found ISS' management console much more intuitive, but I
felt that their tech support was severely lacking.  Their support team
just never seemed interested in giving us any help.

-Wayne

________________________________________
Wayne D Reynolds
Network Engineering and Security
Conde Nast Publications
mailto:wayne_reynolds@condenast.com

  

-----Original Message-----
From: Mike Youngs [mailto:myoungs@glenergy.com] 
Sent: Friday, May 12, 2006 8:06 AM
To: focus-ids@lists.securityfocus.com
Subject: Juniper and ISS Protocol Anomaly Detection Evaluation

Hello Everyone,
 
I am doing a network based intrusion detection and prevention system
evaluation, and have come across something I would like this groups
collective experience to give an opinion on.
 
For various reasons, we have settled on making a selection between the
Juniper IDP 600C and the ISS Proventia GX5008.  During our evaluation,
we
have found that Juniper and ISS offer their protocol anomaly detection
means
in much different ways.  What I would like to hear from this group is
your
experience and insight with either product's protocol anomaly detection.
If
someone has insight and/or experience with both products, that will be
that
much better.  I hope to find out if each vendor's protocol anomaly
detection
features are essentially the same thing, or if one is superior over the
other
and why, so I can make a more informed decision on this feature.
 
Another way to say it is, does "protocol anomaly detection" mean the
same
thing to both vendors?  It appears that "attack pattern" means something
different to each vendor.  One considers in the actual string or pattern
to
look for in a packet, and the other considers is it multiple events when
viewed as a whole could mean an attack on a system.
 
Any insight would be appreciated!  Thanks in advance,
 
Mike Youngs
Network Manager
Great Lakes Energy

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Methods to Log snort alerts in XML, M Askar
Next by Date:  Re: Methods to Log snort alerts in XML, sendsec
Previous by Thread:  RE: RE: Juniper and ISS Protocol Anomaly Detection Evaluation, Security Focus
Next by Thread:  RE: Juniper and ISS Protocol Anomaly Detection Evaluation, Compton, Rich
Indexes:  [Date] [Thread] [Top] [All Lists]