Security Basics mailing list archives

RE: Best IDS ?


From: "McKinley, Jackson" <Jackson.McKinley () team telstra com>
Date: Fri, 9 Dec 2005 10:23:36 +1100

Personally... 
Best thing about snort is how easy it is to deploy new sensors when
needed.  In a large network you can deploy sensors at the drop of a
hat.  You can reuse retired hardware (depending on the network) so no
need to fork out 40 - 60k for a "sensor" which is just a 1ru pc with a
fancy brand name :P.  

Building a sensor takes what 20min?  Even quicker if you had a rollout
image. Build a kickstart image and you can deploy anywhere on your
network!! Ha-ha ok I'm going overboard :)

The way it's so easy to write new rules.  It takes 10 - 15 min to create
a new rule to search for the type of traffic you're interested in.

Maybe I'm just a snort fan but hey I always push snort.

Cheers

J.

-----Original Message-----
From: Breno Colom [mailto:breno () aureal com pe] 
Sent: Thursday, 8 December 2005 10:54 AM
To: Juan B
Cc: security basics
Subject: Re: Best IDS ?

On Wed, 2005-12-07 at 02:34 -0800, Juan B wrote:
> where can I find a comparison article related to IDS's?


Straight out from Snort.org's news section:

"Microsoft Certified Professional Magazine published an article on
Intrusion Detection. While this may not be the most scientific test
available, these guys do a decent job discussing IDSs to an audience who
are not security experts. The authors tested Dragon, RealSecure,
NetProwler, and of course Snort. Not surprising that Snort won their
hearts."

http://www.mcpmag.com/Features/article.asp?EditorialsID=294


Nice article, though kinda dated as it was written in August 2002.



--
Breno Colom
breno () breno org http://www.breno.org
breno () aureal com pe http://www.aureal.com.pe


