IDS mailing list archives
Re: ISS RealSecure/SiteProtector or another IDS/firewall client?
From: Mike Lyman <mlyman-security () comcast net>
Date: Tue, 25 Nov 2003 20:59:41 -0600
On Tue, 2003-11-25 at 10:22, Benjamin B. Williams wrote:
> We are planning for the upgrade (several years late) to Windows XP in our computer labs, and need a client-based firewall/IDS that can be centrally managed and has a decent logging system. RealSecure looks like a good choice for us, but I thought I'd ask if anyone's had experience or could recommend an alternate (or several)?

My experience is now a few months old since I've left the job where I used the stuff, but I used BlackICE/RealSecure Desktop Protector from shortly before ISS bought NetworkICE until July this year. Very heavy on Windows XP in our environment. I liked it as a desktop IDS and it provided a darn good picture of what was going on around the network. Proved to be a big winner during Code Red, Nimda and Slammer. It even helped us detect SQL Spider before it was widely noticed around the 'net because we had it deployed to employee home computers as well as on the corporate network. (Not a lot before, and all we could tell was there were worm-like probes hitting the SQL port and in increasing numbers.)

It has had stability problems since Windows XP was released. ISS always addressed them as the problems cropped up and the occurrences of problems became less and less common, but they still occurred. I'd test things carefully around system suspending and being restored. ISS has probably fixed that one by now but I've not looked at the product since before July so I don't know what version is current.

We had a voluntary desktop deployment so stability issues were not a significant concern since we'd just have the product uninstalled if it caused problems. We made use of Windows XP's built-in firewall so we were never concerned with ISS's product's firewall ability. The stability issues would have made me a bit concerned about complete reliance on it as the desktop firewall.

Ran into a few issues with the system locking up that were partially an overloaded connection into our SQL Server that we fixed by going to a gig connection (more going into the DB server than BlackICE data so that wasn't the problem) and partially a bug in the ICECap management system that cropped up because of the saturated connection into the DB server. ISS fixed their bug about the time we went to a gig connection. After that things ran beautifully.

If you're looking for a simple-to-run desktop IDS, I can easily recommend the product. As for a firewall, I'd check into the stability issues. ISS was always responsive and the issues did not hit many systems, but as a firewall it would have worried me.

Mike Lyman
pgp keyid 0xAB7F35DA