Security Basics mailing list archives
Re: Cisco vs. Snort
From: Sebastian Schneider <ses () straightliners de>
Date: Wed, 10 Sep 2003 03:45:31 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The question is, if it needs to be a hardware device or a usual computer running an IDS. There are several NIDS's available: Snort, Shadow, Cisco Secure, Enterasys Dragon, ISS RealSecure and NFR Security NID. Regarding the "rules" problem, snort has one of the biggest database available and can be written easily by yourself. Actually the problem in writing rules is that issue about false positives/false negatives. The "overall security" is not depending on how many rules are installed, but if they fit your needs and just don't produce a to large overhead. For further informations about snort and it's commercial applications see sourcefire.com Sebastian On Tuesday 02 September 2003 18:18, Nicholas Diotte wrote:
Good day, Recently I've been asked to impliment an IDS system within our corporate network. I've been given a more then reasonable budget, so I'm not looking for a cheap/freebie solution. What if any are the advantages of going Cisco vs. building a Snort system. What I'm thinking is Snort would be much more of a headake as you need to write/obtain rules, whereas Cisco that is not the case. Has anyone had a chance to examin the two devices, and any pointers before I proceed with such an order? Most of our products on our network are Cisco based, including all FW, routers, and soon switches. Reason why I'm asking is that I've been asked to do a presentation for our Board of Directors, and as you can see the person in charge before me, implimented nothing but Cisco products. Thanks, Nick --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com --------------------------------------------------------------------------- -
- -- Sebastian Schneider straightLiners IT Consulting & Services Metzer Str. 12 13595 Berlin Germany Fon: +49-30-3510-6168 Fax: +49-30-3510-6169 www.straightliners.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/XoI7Q7mOWZBxbPcRAv6YAJ9xWG0xiVuiwg3H90k/FVkYDCtuKgCghlxp RVqIkGNKcIE6Uz3X4/zvGdM= =qyA8 -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Cisco vs. Snort Nicholas Diotte (Sep 02)
- RE: Cisco vs. Snort David stout (Sep 03)
- Re: Cisco vs. Snort Jude Naidoo (Sep 03)
- Re: Cisco vs. Snort Stefan Marx (Sep 04)
- Re: Cisco vs. Snort Stefan Marx (Sep 04)
- RE: Cisco vs. Snort Ethan (Sep 04)
- Re: Cisco vs. Snort Jorge Claudio (Sep 04)
- Re: Cisco vs. Snort Sebastian Schneider (Sep 10)
- <Possible follow-ups>
- RE: Cisco vs. Snort McGill, Lachlan (Sep 03)
- RE: Cisco vs. Snort William Bradd (Sep 04)
- RE: Cisco vs. Snort Brian Austin (Sep 04)
- Re: Cisco vs. Snort Nicholas Diotte (Sep 04)