Security Basics mailing list archives

Re: Cisco vs. Snort


From: Sebastian Schneider <ses () straightliners de>
Date: Wed, 10 Sep 2003 03:45:31 +0200

The question is whether it needs to be a hardware device or a usual computer 
running an IDS.

There are several NIDSs available: Snort, Shadow, Cisco Secure, Enterasys 
Dragon, ISS RealSecure and NFR Security NID.

Regarding the "rules" problem, Snort has one of the biggest databases available, 
and rules can be written easily by yourself. Actually, the problem in writing 
rules is the issue of false positives/false negatives.
The "overall security" does not depend on how many rules are installed, but 
on whether they fit your needs and just don't produce too large an overhead.

For further information about Snort and its commercial applications, see 
sourcefire.com

Sebastian

On Tuesday 02 September 2003 18:18, Nicholas Diotte wrote:
Good day,

Recently I've been asked to implement an IDS system within our corporate
network.  I've been given a more than reasonable budget, so I'm not
looking for a cheap/freebie solution.  What, if any, are the advantages of
going Cisco vs. building a Snort system?

What I'm thinking is Snort would be much more of a headache as you need to
write/obtain rules, whereas with Cisco that is not the case.

Has anyone had a chance to examine the two devices, and any pointers before
I proceed with such an order?  Most of our products on our network are
Cisco based, including all FW, routers, and soon switches.

Reason why I'm asking is that I've been asked to do a presentation for our
Board of Directors, and as you can see the person in charge before me
implemented nothing but Cisco products.

Thanks,
Nick

-- 

Sebastian Schneider
straightLiners IT Consulting & Services
Metzer Str. 12
13595 Berlin
Germany

Fon: +49-30-3510-6168
Fax: +49-30-3510-6169
www.straightliners.de