Re: IDS Opinions

[gcb33 () dial pipex com]

OK Symantec was the old cisco entercept think (Bad HIDS) real pain to setup and
limited in scope had problems with Service packs on Microsoft boxes it was a
logging and configuration was a pain to the point of sitting down and creating
exceptions it was signature based 

The Cisco Security Agent or (okean stormwatch ) is role based not signature
based allows for large role out deployment creating profiles for antivirus as an
application class has no issues with Service packs, allows you to create very
good profiles of Web services, I have configured to work on .NET framework ,
Oracle Apps servers, Websphere Apps servers no problems,all on W2000 Adv server,
 with also some success with W2003 even though it is not supported but soon to
be released

 have tested it against unpatched machines with worm exploits and it does stop
them including the SSL vuln on webservers it does not cause the IIS to be
exploited but may freeze IIS over a prolong time, but it does trap and stop and
not be exploited

played on ISS as well , but cisco had better support and scale ability from my
perspective, can be placed with the NIDS as well and FW for a easy managed
solution with automatic shunning of pesky people or systems.


my few ...... cents worth

james



Quoting Nik Schild <nikschild () gmx net>:

> Hello
>
> why is nobody talking about prelude (http://www.prelude-ids.org)? It's
> supposed to perform much better than snort and fits better into large
> environments, it's much more felxible becasue prelude is more a
> framework than just a single IDS. Till now I did not have the chance to
> have a closer look to prelude, but I would really be interested in
> experiences made by some others.
>
>
> thanks
> nik
>
> crayola () optonline net wrote:
> > Folks, 
> >
> > I am currently in the middle of an RFP process to buy a new Network ids 
> > system for my company. I have narrowed it down to 
> >
> > Sourcefire's, Dragon (Enterasys), and Symantec's manhunt. 
> >
> > I would love to hear your opinions about these products if you use or 
> > have used them. Anything you can share would be great. I am really looking
>
> > for some nonsales type opinions about how they work in the real world. 
> >
> > Thanks, 
> > Mike
> ---------------------------------------------------------------------------
> >
> ---------------------------------------------------------------------------
> >
>
>
>
> ---------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------


-- 

---------------------------------------------------------------------------

---------------------------------------------------------------------------