Educause Security Discussion mailing list archives

Re: Snort IDS Frontends

From: Phil Rodrigues <Phil.Rodrigues () UCONN EDU>
Date: Mon, 14 Jul 2003 15:17:35 -0400

We decided on Demarc's Puresecure about a year ago, and have been very
happy with its performance and features.  Their educational price for a
single sensor was within our limited budget - obviously more than the $0
ACID, etc but well less than other commercial front-ends from Sourcefire,
etc.

I would recommend Puresecure to anyone who was looking for a low-cost
front-end to Snort.

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues () uconn edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================





"Crawford, Charles D" <ccrawf () KU EDU>
Sent by: The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
07/10/2003 06:20 PM
Please respond to The EDUCAUSE Security Discussion Group Listserv


        To:     SECURITY () LISTSERV EDUCAUSE EDU
        cc:
        Subject:        [SECURITY] Snort IDS Frontends


Hello List,

I know this has been a hot item on many listservs lately but I am
interested
to hear what other Institutions are using for front ends on Snort.

We have tried ACID, PureSecure, Applied Watch.  All have there pro's and
cons.

ACID would be great if it weren't so slow. (Free is appealling, but
doesn't
seem scalable, we had over a 500,000 records in our database and it took
over 2 minutes a wack on the mouse to get anything back)

PureSecure looks good --- budgets/state/money/hmmm might be a tough one to
sell.

Applied Watch --- Not sure How i felt about it...Pretty expensive



Any feedback would be excellent.

thanks



Charles Crawford
IT Security Officer
University of Kansas
(785)864-0491
ccrawf () ku edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

Snort IDS Frontends Crawford, Charles D (Jul 10)
- <Possible follow-ups>
- Re: Snort IDS Frontends Timothy Wright (Jul 10)
- Re: Snort IDS Frontends Gerry Sneeringer (Jul 11)
- Re: Snort IDS Frontends Crawford, Charles D (Jul 11)
- Re: Snort IDS Frontends Gerry Sneeringer (Jul 11)
- Re: Snort IDS Frontends Phil Rodrigues (Jul 14)