Full Disclosure mailing list archives
Re: Snort as IDS/IPS in mission-critical enterprise network
From: Mark <fd () mchsi com>
Date: Sun, 11 Dec 2005 22:43:42 -0600
Native.Code wrote:
> Dear all, Thanks for valuable input. It was very much appreciated. I kind of get the impression that Snort is a very stable product but it needs a lot of effort configuring, monitoring and customizing.

This is very true. And, I suspect, it is true of any IDS. If you have any kind of sizable network, no IDS can be pre-packaged that will work perfectly for your network. They are all going to need "a lot of effort configuring, monitoring and customizing" if you are going to do it correctly. I don't see how it could be any other way, because they don't know your network.

> We will definitely give it a try. I assume I did not mention, we will be using the Windows binary. Is this as stable as the Linux version?

I doubt it would be as stable. Do you have a reason for using a Windows binary?

> Some of you mentioned that many commercial productions are based on Snort. Can anyone name another product besides those from Sourcefire?

If you are looking for something outside of Sourcefire I would consider Sentarus from demarc.com. I was really happy with their PureSecure product before they discontinued it. But, when they told us it would be 10X the price to upgrade to Sentarus, we started looking elsewhere and ended up with the Sourcefire products with mixed results. (Their RNA software is not even close to what it's cracked up to be.) But, now that Sourcefire has pretty much locked up the signature database, demarc.com has drastically reduced their pricing on their Sentarus product. Kind of underhanded on Sourcefire's part in my opinion. But, business is business I guess. I just thought Marty was above that.

--
Mark

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/