IDS mailing list archives
FW: IDS Opinions
From: "Madalin Bratu" <madalin () provision ro>
Date: Mon, 14 Jun 2004 11:51:16 +0200
First of all, I recommend a depper analysis on IDS-IPS vendors In my opinion, Snort can be a choice, and CA eTrust Intrusion Detection is a hybrid solution (a security suite component). The best choices in tehnology, Security Knowledge Intellingence, experience and vendor support can be ISS & NAI and Cisco (in this order). But depends on your requirements... Best regards, Madalin BRATU Security Solutions Advisor ProVision - Security Expert Center TM Tel: (+4021) 3211568, 3213749 Fax:(+4021) 3236570 web: http://www.provision.ro Mobil: 0788.574.981 --------------------------------------------- P-ta Alba Iulia, nr.8, Bl. I 7, sc. 3, et. 2 - 4, Sector 3, Bucuresti --------------------------------------------- Disclaimer: Informatia continuta în acest mesaj este destinata numai proprietarului adresei de email la care a fost trimis. Folosirea de catre alte persoane a informatiei este interzisa. Provision este exonerata de orice pagube rezultate din folosirea neautorizata a acestei informatii. Daca nu sunteti persoana careia i-a fost adresat acest mesaj, va rugam sa nu folositi în nici un fel continutul sau. Daca ati primit acest mesaj din greseala, va rugam sa notificati imediat expeditorul, prin email, fax sau telefon si sa distrugeti mesajul original. © 2004, Copyright ProVision -----Original Message----- From: Devdas Bhagat [mailto:devdas () dvb homelinux org] Sent: 7 iunie 2004 18:29 To: focus-ids () securityfocus com Subject: Re: IDS Opinions On 02/06/04 11:05 +0530, manish wrote: <snip>
options then the best fit will be Snort or CA. Snort is a freeware with ability to perform signature based and contact based intrusion detection. can work in inline or stealth mode. Can integrate with any firewall you can think of. Works on Linux machine. Doen not require high memory or CPU. Can perform wide range of responces. But U need little expertise on Linux for that.
If you are running any IDS, you should have extremely good knowledge of your chosen platform to run the IDS on. AFAIK, Snort runs on almost any Unix and not just Linux. I would not dare to run any IDS on MS Windows, for the simple reason that I do not have enough understanding of MS Windows to do that properly.
CA is Windows based IDS and has integrated Antivirus, URL Filter, and Content Inspection which are addons to the product. Highly user friendly and provide wide range of options. Problem is a little costl;y and works in low range loads only and requires high CPU and memory.
Any analyser needs gobs of CPU and RAM. If I may suggest it, the antivirus and URL filtering capabilities belong to a firewall, not an IDS. Devdas Bhagat --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Re: IDS Opinions, (continued)
- Re: IDS Opinions manish (Jun 02)
- Re: IDS Opinions Devdas Bhagat (Jun 14)
- RE: IDS Opinions Steve Massa (Jun 02)
- RE: IDS Opinions NTL World - Chris Standard (Jun 18)
- Re: IDS Opinions manish (Jun 02)
- RE: IDS Opinions fr0ck9 (Jun 02)
- Re: IDS Opinions mills (Jun 02)
- Re: IDS Opinions Nik Schild (Jun 07)
- Re: IDS Opinions Brian (Jun 07)
- Re: IDS Opinions gcb33 (Jun 07)
- Re: IDS Opinions Greg Martin (Jun 09)
- FW: IDS Opinions Madalin Bratu (Jun 21)