Security Basics mailing list archives
RE: Cisco vs. Snort
From: "David stout" <d.stout () solvesolutions co uk>
Date: Wed, 3 Sep 2003 13:36:42 +0100
This is what I have learnt in my time.

You might be able to do a double system with a spare server running Snort (which will be free) and another product bought from your preferred vendor. As far as I can see ... There are a number of people who run Snort alongside another IDS product, which not only gives you 2 views of the network, but also provides some redundancy.

Now with regards to the Cisco IDS, I will only say that there are better options out there. You might want to consider looking at both the freeware Snort and the commercial versions (http://www.sourcefire.com) which would provide an easier learning curve. There is also the RealSecure option from ISS, which is one of the more expensive options, but produces nice reports.

Here you have to ask yourself many questions. Do some research on the various IDS products and compare the results. Don't be fooled by sales hype about how many attacks the product can detect. Also ask questions about frequency of updates (here Snort is your best friend) and anomaly detection. Also consider sensor placement, management, remote monitoring and hardware/software solutions.

If you want an answer to the Cisco vs. Snort question, I would say Snort every time based on performance, flexibility, reliability and results. If you really have to go for a Cisco IDS ... I'd say get both products running. I'll bet you that a well looked after Snort system will give you far better results.

http://www.networkintrusion.co.uk/ will also help you make up your mind.

(Sorry to any Cisco salesmen, but it's only the IDS I feel is poor ... Not Cisco kit in general)

David Stout
CCSP, CCNA, CRCP, INFOSEC
Solve Solutions
E-Mail: d.stout () solvesolutions co uk
Web Site: www.solvesolutions.co.uk

-----Original Message-----
From: Nicholas Diotte [mailto:xphox () xphox net]
Sent: 02 September 2003 17:19
To: security-basics () securityfocus com
Subject: Cisco vs. Snort

Good day,

Recently I've been asked to implement an IDS system within our corporate network. I've been given a more than reasonable budget, so I'm not looking for a cheap/freebie solution.

What, if any, are the advantages of going Cisco vs. building a Snort system? What I'm thinking is Snort would be much more of a headache as you need to write/obtain rules, whereas with Cisco that is not the case.

Has anyone had a chance to examine the two devices, and any pointers before I proceed with such an order? Most of our products on our network are Cisco based, including all FW, routers, and soon switches.

Reason why I'm asking is that I've been asked to do a presentation for our Board of Directors, and as you can see the person in charge before me implemented nothing but Cisco products.

Thanks,
Nick