IDS mailing list archives

RE: ISS RealSecure/SiteProtector or another IDS/firewall client?


From: "Bohling James CONT JBC" <james.bohling () JBC JFCOM MIL>
Date: Wed, 26 Nov 2003 12:04:54 -0500

My team here has done some pretty good research and assessment on the ISS SiteProtector system. Their conclusion is that it is way too immature and that Group Manager should be used until future upgrades. I also would suggest that the Group Manager be looked at because of the maturity. However, with the ISS products the interfaces are not too intuitive or clean. Also, I would definitely look into the open source products: Tripwire and Snort (now supports Windows and Linux), Samhain, Integrit, Osiris, and Prelude. We have had a lot of success with open source products, and the life cycle and open support for Snort is very good for being open source.

Up to now, this isn't verified by any supporting authority, but a lot of the IDSs out there are using the open source technologies under the covers with proprietary changes. Look at Sourcefire: the underbelly is Snort (I know that Marty Roesch created Snort and started Sourcefire), but it is just an example of what technologies are using.


Thank You,
James T. Bohling, CCNA, Security+, MCP-Win2k
Network Security Engineer - JBC CoE
Joint C4ISR Battle Center (AMSEC)
116 Lake View Parkway
Suffolk, VA 23435
(W) 757-638.4032
Web: www.jbc.jfcom.mil
This email was produced and manufactured in America, and is a one-of-a-kind original.



-----Original Message-----
From: Luke Leboeuf [mailto:luke () arcsight com] 
Sent: Tuesday, November 25, 2003 1:04 PM
To: Benjamin B. Williams; focus-ids () securityfocus com; firewalls () securityfocus com
Subject: RE: ISS RealSecure/SiteProtector or another IDS/firewall client?

By client-based IDS do you mean host-based IDS? If so, I would recommend Okena Stormwatch (now owned by Cisco) over ISS or even Tripwire. What version of ISS are you looking towards? RealSecure 6.x or SiteProtector 2.X?


Luke LeBoeuf
ArcSight, Inc.
(c) 571.331.3809
(e) luke () arcsight com
http://www.arcsight.com




-----Original Message-----
From: Benjamin B. Williams [mailto:benw () gwu edu] 
Sent: Tuesday, November 25, 2003 11:23 AM
To: focus-ids () securityfocus com; firewalls () securityfocus com
Subject: ISS RealSecure/SiteProtector or another IDS/firewall client?

Hey all -

Has anyone had experience with ISS products, particularly their RealSecure
line?

We are planning for the upgrade (several years late) to Windows XP in our
computer labs, and need a client-based firewall/IDS that can be centrally
managed and has a decent logging system.  RealSecure looks like a good
choice for us, but I thought I'd ask if anyone's had experience or could
recommend an (or several) alternates?

Thanks,

Benjamin B. Williams
Senior Programmer/Analyst
Computer Lab Support Services
The Center for Academic Technologies
The George Washington University

(202) 412-4697 (m)
(202) 994-7611 (p)
(202) 994-3600 (f)

"A day without laughter is a wasted day"



