Re: Computer Associates eTrust

["rocco.s" <rocco.s () telstra com>]

eTrust NIDS is a piece of junk.

a friend of a friend, put the etrust nids (it runs on windows) in a large corporate, tapping a 34mbit fibre link.

this link was always at about 20mbit utilization.

the product would crash, incorrectly log data, log useless stuff (Without the ability to disable that rule/feature), 
die when 'rolling' the logs, crash when creating reports and generaly run like a pig.

he had to create a hack access-database -> ms sql export feature of his own (yeah, it uses access! 2gb limit), just to 
be able to create reports on logs kept for 5 days...

the ca guys said that the solution was to disable everything, and run with a limited signature set (yeah, real useful).

in the end the ca etrust product was thrown out and something else put in its place.

my advice - buy a dishwasher, its more likely to help your organisation with NIDS than the CA eTrust NIDS product.

(he was using version 2 of the nids product)


the system was a dual 3ghz machine running win2k adv. svr. with everything turned off. intel gbit nic's off a nice 
intrusion inc tap.



                                                                      


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------