Firewall Wizards mailing list archives

Re: IDS: Net Ranger vs. RealSecure vs. NFR


From: Carric Dooley <carric () com2usa com>
Date: Tue, 6 Jul 1999 00:16:09 -0400 (EDT)

Then NFR is the only ticket (unless you want to use REALLY high-end RS
probes).

The main advantages to NFR are its speed and adaptability.  A
disadvantage may be its adaptability.  =)  You will need someone on staff
with some programming skills to build the custom scripts you may want to
add to the existing NFR package.

One thing I am not clear on is how you plan to avoid setting up probes on
each segment you want to monitor.  That is not really a downer to RS as
you will need to do this with NFR or NR...

You may also want to contact ISS direct and ask them what they have in the
works for the near future as far as solving the "high load" dilemma.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Mon, 5 Jul 1999, SiOL CERT wrote:

Hi.

I have two intrusion detection systems on a trial run, but have to choose the
big winner. Both of them have been recommended as the cream of the crop and 
'best money can buy', but from the wrong persons.

One of them is Cisco's Net Ranger Director, which uses HP OpenView as a GUI
(not preferred) and the other one is ISS' Real Secure, which is a bit of a pain
because I'd need to set a machine on each segment of the network I want to 
monitor.

The third IDS is my personal favorite NFR's Network Flight Recorder (ever 
since I read the white paper), but I need more information about all of the
mentioned IDS systems (especially cons, pros are more or less known).

The network in question is an ISP's public part of the system, which means I 
need some detection system that can swallow more than 70Mbit traffic on the
fly.

Thanks in advance,

Saso
