Security Basics mailing list archives

RE: Cisco vs. Snort


From: "William Bradd" <wbradd () comcast net>
Date: Wed, 3 Sep 2003 16:24:21 -0400

Yes, it is called a self-inflicted denial of service.  It can easily stop
legitimate traffic while allowing malicious traffic to continue.

Use any kind of auto response carefully.

Dragon, Sourcefire (commercial Snort) and Snort are the top of their class.

I have used both CISCO and ISS and found them lacking.

Whatever IDS you decide on, be sure you can afford it, maintain it, and
that it does what you want it to do.  Be sure to get training on the product,
too.

Too many people buy IDS products, do a default install and expect it to work.

You want to be sure you can write your own signatures so that you are
covered when the vendor does not release a new signature for an attack until
that attack is over.




-----Original Message-----
From: McGill, Lachlan [mailto:mcgilll1 () anz com]
Sent: Tuesday, September 02, 2003 7:22 PM
To: Nicholas Diotte; security-basics () securityfocus com
Subject: RE: Cisco vs. Snort


One advantage of staying with Cisco is that Cisco IDS will auto modify Cisco
router access lists in case of an attack. Although this feature should be
configured with caution!!!

-----Original Message-----
From: Nicholas Diotte [mailto:xphox () xphox net]
Sent: Wednesday, 3 September 2003 2:19 AM
To: security-basics () securityfocus com
Subject: Cisco vs. Snort




Good day,

Recently I've been asked to implement an IDS system within our corporate
network.  I've been given a more than reasonable budget, so I'm not
looking for a cheap/freebie solution.  What, if any, are the advantages of
going Cisco vs. building a Snort system?

What I'm thinking is Snort would be much more of a headache as you need to
write/obtain rules, whereas with Cisco that is not the case.

Has anyone had a chance to examine the two devices, and any pointers before
I proceed with such an order?  Most of our products on our network are
Cisco based, including all FW, routers, and soon switches.

Reason why I'm asking is that I've been asked to do a presentation for our
Board of Directors, and as you can see the person in charge before me,
implemented nothing but Cisco products.

Thanks,
Nick

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

