IDS mailing list archives

FW: IDS Opinions


From: "Madalin Bratu" <madalin () provision ro>
Date: Mon, 14 Jun 2004 11:51:16 +0200

 
 
First of all, I recommend a deeper analysis of IDS-IPS vendors.

In my opinion, Snort can be a choice, and CA eTrust Intrusion Detection is a hybrid solution (a security suite 
component). 
The best choices in technology, Security Knowledge Intelligence, experience and vendor support can be ISS & NAI and 
Cisco (in this order).
But it depends on your requirements...

Best regards,

Madalin BRATU
Security Solutions Advisor
ProVision - Security Expert Center TM
Tel: (+4021) 3211568, 3213749
Fax:(+4021) 3236570
web: http://www.provision.ro
Mobil: 0788.574.981
---------------------------------------------
P-ta Alba Iulia, nr.8, Bl. I 7, sc. 3, et. 2 - 4, Sector 3, Bucuresti
---------------------------------------------

-----Original Message-----
From: Devdas Bhagat [mailto:devdas () dvb homelinux org]
Sent: 7 June 2004 18:29
To: focus-ids () securityfocus com
Subject: Re: IDS Opinions

On 02/06/04 11:05 +0530, manish wrote:
<snip>
> options then the best fit will be Snort or CA. Snort is a freeware 
> with ability to perform signature based and contact based intrusion 
> detection. Can work in inline or stealth mode. Can integrate with any 
> firewall you can think of. Works on Linux machine. Does not require 
> high memory or CPU. Can perform wide range of responses. But U need 
> little expertise on Linux for that.
If you are running any IDS, you should have extremely good knowledge of your chosen platform to run the IDS on.
AFAIK, Snort runs on almost any Unix and not just Linux. 
I would not dare to run any IDS on MS Windows, for the simple reason that I do not have enough understanding of MS 
Windows to do that properly.

> CA is Windows based IDS and has integrated Antivirus, URL Filter, and 
> Content Inspection which are addons to the product. Highly user 
> friendly and provide wide range of options. Problem is a little 
> costly and works in low range loads only and requires high CPU and memory.
Any analyser needs gobs of CPU and RAM. 

If I may suggest it, the antivirus and URL filtering capabilities belong to a firewall, not an IDS.

Devdas Bhagat
