IDS mailing list archives
Re: Fortinet IDS
From: Ron Gula <rgula () tenablesecurity com>
Date: Thu, 21 Oct 2004 11:58:02 -0400
We have a few Fortinets here at Tenable. We initially got a 'not for resale' copy to develop signatures for it for our Thunder log aggregator and Lightning Console vulnerability management products. We were able to reuse a lot of the logic in Lightning we had built for Snort to correlate host, network and passive vulns with IDS events from the Fortinet box, but the log formats were slightly different.

Definitely based on Snort though and it is vulnerable to a variety of NIDS-bypass attacks. Taking Nessus or NeWT and throwing a scan into IDS bypass mode generates a much different event stream than without evasion.

Our network engineers liked the demo model so much we bought it and also bought a larger 100 MB model. Just from a convenience factor, it's nice to get virus, spam, firewall, VPN and IDS events from one device. I think you could argue that there is better technology on dedicated hardware, but you have to balance your rack space, reliability, admin overhead and budget.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com
NeVO Passive Vulnerability Scanner

At 04:27 PM 10/19/2004 -0400, Ryan Whalen wrote:
I am using a Fortigate firewall. It inspects all traffic transparently for IDS/Virus events. I believe they used Snort for their IDS. Fortinet provides signature updates for the IDS system several times a week. We are very happy with this solution.

Ryan