Security Basics mailing list archives

Re: Best IDS ?

From: Dean Davis <dean.davis () mbg-inc com>
Date: Thu, 08 Dec 2005 11:47:29 -0500

I concur!

Management overhead isn't that high with Snort. Additionally, you will
learn a great deal more about the way networks move data at all levels
of the OSI model, and how to debug and author rule-sets to suit your
environment.

In my experience, even Cisco's 4200 series require significant knowledge
and administration skills to suit a given environment, and still lacks
many of Snort's features. I had the Cisco guys here at my shop sometime
earlier this year, and they both couldn't argue with me when I told them
that Snort is our corporate standard. 

Also, take a look at sourcefire.com, the commercial arm that develops
snort-based solutions that require less overhead.

Snort is hands-down, the best!

Regards,

On Wed, 2005-12-07 at 18:53 -0500, Breno Colom wrote:

On Wed, 2005-12-07 at 02:34 -0800, Juan B wrote:

where can I find a comperison article related to
IDS's?


Straight out from Snort.org's news section:

"Microsoft Certified Professional Magazine published an article on
Intrusion Detection. While this may not be the most scientific test
available, these guys do a decent job discussing IDSs to an audience who
are not security experts. The authors tested Dragon, RealSecure,
NetProwler, and of course Snort. Not suprising that Snort won their
hearts."

http://www.mcpmag.com/Features/article.asp?EditorialsID=294


Nice article, though kinda dated as it was written in August 2002.



-- 
Breno Colom
breno () breno org http://www.breno.org
breno () aureal com pe http://www.aureal.com.pe

-- 
Dean Davis,RHCE,CCSP,MCSE,MCDBA,CCNA,Linux+
Sr. Network Engineer
MBG Telecom Software
P. 212.822.4429
F. 212.822.4499
W. www.mbg-inc.com
P/GPG: A9C110B4
Key Server: http://pgp.mit.edu

-- 
The information in this email (including any attachments) is confidential and may be legally privileged.
Access to this e-mail by anyone other than the intended addressee is unauthorized. 

If you are not the intended recipient of this message, any review, disclosure, copying, distribution, 
retention, or any action taken or omitted to be taken in reliance on it (including any attachments) is 
prohibited and may be unlawful. 

If you are not the intended recipient, please reply to or forward a copy of this message to the sender and 
delete the message, all attachments, and any copies thereof from your system and destroy any printout thereof.

This message has been scanned for viruses and
dangerous content and is believed to be clean.

Current thread:

Best IDS ? Juan B (Dec 07)
- Re: Best IDS ? ilaiy (Dec 08)
- Re: Best IDS ? Breno Colom (Dec 08)
  - Re: Best IDS ? Dean Davis (Dec 09)
- RE: Best IDS ? Richard Bennison (Dec 08)
- <Possible follow-ups>
- RE: Best IDS ? McKinley, Jackson (Dec 12)