IDS mailing list archives

Re: Intrushield vs. ISS once more...

From: Jason <security () brvenik com>
Date: Thu, 06 Jan 2005 03:52:42 -0500



Chris Brown wrote:

Intrushield sends alerts to a central management server, Ethereal needs to
be installed on this.  Alerts are presented in a console and if you wish to
drill down to view the captured packets Ethereal opens and is used to read
the packets.  During the install of the Intrushield manager software you
simply tell Intrushield the location of Ethereal.exe on your system.

So in answer to your Q, it is neither 1 or 2.

So you must have access to the central server in order to performeffective analysis? Is there not the concept of multiple peopleperforming analysis?



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing it with real-world attacks fromCORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

--------------------------------------------------------------------------

Current thread:

RE: Intrushield vs. ISS once more... Maynor, David (ISS Atlanta) (Jan 03)
- Re: Intrushield vs. ISS once more... Thomas Ptacek (Jan 06)
  - Re: Intrushield vs. ISS once more... Dennis Cox (Jan 06)
  - Re: Intrushield vs. ISS once more... Adam Powers (Jan 08)
    - Re: Intrushield vs. ISS once more... Thomas Ptacek (Jan 10)
  - Re: Intrushield vs. ISS once more... Mike Frantzen (Jan 08)
- <Possible follow-ups>
- RE: Intrushield vs. ISS once more... Murtland, Jerry (Jan 03)
- Re: Intrushield vs. ISS once more... Chris Brown (Jan 04)
  - Re: Intrushield vs. ISS once more... Chris Mills (Jan 06)
  - Re: Intrushield vs. ISS once more... Jason (Jan 06)
- Re: Intrushield vs. ISS once more... Jason (Jan 06)
  - RE: Intrushield vs. ISS once more... Chris Brown (Jan 06)
  - Re: Intrushield vs. ISS once more... JM (Jan 08)