Re: Open Source IDS Solution?

[phani shastry <phanishastry () gmail com>]

Hai I am Phani
I hardly believe in the open source IDS as a possible solution to the
existing problems.But I am sure it would help a long way.I am not sure
the way an open source IDS can help the existing problems .For example
, the biggest problem is updating the signature base for IDS. I donot
see any way an open source IDS can help to improve our current
engineering expertise of IDS. Ullike the Operating systems and ther
software whose funcionality of clearly defined IDS is a not clear at
the conceptual level itself. I would be happy if any body can offer
suggestions in this respect.


On 9/4/05, Steve Barron <thurgoodj187 () hotmail com> wrote:
> Hi
>
> Snort is a good, especially for the flexability and good user community.  
> Also the packet inspection via BASE is pretty easy, better than Cisco IDS 
> and some netscreen products I've used.  If you are looking for a open source
>
> app for security information management, check out ossim.
>
> http://www.ossim.net/
>
> I use snort, Cisco IDS, netscreen, and ISS and personally like snort better
>
> than all of the above.
>
> If you are looking for a good corellation tool and can get some budget 
> approved for it, I would check out CS MARS.
> http://www.cisco.com/en/US/products/ps6241/index.html
>
> Good luck
>
>
> -----Original Message-----
> From: McKinley, Jackson [mailto:Jackson.McKinley () team telstra com]
> Sent: Thursday, August 25, 2005 10:48 PM
> To: focus-ids () securityfocus com
> Subject: RE: Open Source IDS Solution?
>
> Personally I think snort is the best sensor ive seen, add that with the 
> speed that.  The difference I think is what you do with your alerts 
> (Correlation technology).
>
> There are a number of "Open source" correlation engines out there.  One that
>
> ive always liked was Open Aanval by remote assesment.  They have started to
>
> sell it how but from memory there is still an open source / free limited 
> version version.  Its called Aaanval or something..
> www.aanval.com
>
>
> -----Original Message-----
> From: Persio Pucci [mailto:ppucci () multirede com br]
> Sent: Friday, 26 August 2005 3:58 AM
> To: focus-ids () securityfocus com
> Subject: Open Source IDS Solution?
>
> Hello folks,
>
> I am working on a study to deploy some IDS over my company's network, and I
>
> would like to know what GOOD and RELIABLE Open Source IDS are out there. I 
> could not find a comparative sheet of any kind (or at least, not a recent 
> one) so I am asking you guys if you have any good ideas. I already know 
> Snort. What are the other ones?
>
> Thank you for your help!
>
> - Persio
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from CORE
>
> IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from CORE
>
> IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> ------------------------------------------------------------------------


-- 
phaniisc

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------