Security Basics mailing list archives
RE: Cisco vs. Snort
From: "William Bradd" <wbradd () comcast net>
Date: Wed, 3 Sep 2003 16:24:21 -0400
Yes, it is called a self-inflicted denial of service. It can easily stop legitimate traffic while allowing malicious traffic to continue. Use any kind of auto response carefully.

Dragon, Sourcefire (commercial Snort) and Snort are the top of their class. I have used both CISCO and ISS and found them lacking. Whatever IDS you decide on, be sure you can afford it, maintain it, and that it does what you want it to do. Be sure to get training on the product, too. Too many people buy IDS products, do a default install and expect it to work. You want to be sure you can write your own signatures so that you are covered when the vendor does not release a new signature for an attack until that attack is over.

-----Original Message-----
From: McGill, Lachlan [mailto:mcgilll1 () anz com]
Sent: Tuesday, September 02, 2003 7:22 PM
To: Nicholas Diotte; security-basics () securityfocus com
Subject: RE: Cisco vs. Snort

One advantage of staying with Cisco is that Cisco IDS will auto modify Cisco router access lists in case of an attack. Although this feature should be configured with caution!!!

-----Original Message-----
From: Nicholas Diotte [mailto:xphox () xphox net]
Sent: Wednesday, 3 September 2003 2:19 AM
To: security-basics () securityfocus com
Subject: Cisco vs. Snort

Good day,

Recently I've been asked to implement an IDS system within our corporate network. I've been given a more than reasonable budget, so I'm not looking for a cheap/freebie solution. What, if any, are the advantages of going Cisco vs. building a Snort system? What I'm thinking is Snort would be much more of a headache as you need to write/obtain rules, whereas with Cisco that is not the case. Has anyone had a chance to examine the two devices, and any pointers before I proceed with such an order? Most of our products on our network are Cisco based, including all FW, routers, and soon switches.
Reason why I'm asking is that I've been asked to do a presentation for our Board of Directors, and as you can see, the person in charge before me implemented nothing but Cisco products.

Thanks,
Nick

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6. Visit us: www.blackhat.com
----------------------------------------------------------------------------
Current thread:
- Cisco vs. Snort Nicholas Diotte (Sep 02)
- RE: Cisco vs. Snort David stout (Sep 03)
- Re: Cisco vs. Snort Jude Naidoo (Sep 03)
- Re: Cisco vs. Snort Stefan Marx (Sep 04)
- Re: Cisco vs. Snort Stefan Marx (Sep 04)
- RE: Cisco vs. Snort Ethan (Sep 04)
- Re: Cisco vs. Snort Jorge Claudio (Sep 04)
- Re: Cisco vs. Snort Sebastian Schneider (Sep 10)
- <Possible follow-ups>
- RE: Cisco vs. Snort McGill, Lachlan (Sep 03)
- RE: Cisco vs. Snort William Bradd (Sep 04)
- RE: Cisco vs. Snort Brian Austin (Sep 04)
- Re: Cisco vs. Snort Nicholas Diotte (Sep 04)