IDS mailing list archives
RE: ISS RealSecure/SiteProtector or another IDS/firewall client?
From: "Bohling James CONT JBC" <james.bohling () JBC JFCOM MIL>
Date: Wed, 26 Nov 2003 12:04:54 -0500
My team here has done some pretty good research and assessment on the ISS SiteProtector system. There conclusion is that it is way too immature and that Group manager should be used until future upgrades. I also would suggest that the group manager be looked at because of the maturity. However, with the ISS products the interfaces are not too intuitive or clean. Also, I would definitely look into the open source products, tripwire and snort (Now supports Windows and Linux), Samhain, Integrit, Osiris, and Prelude. We have had a lot of success with open source products and the life cycle and open support for Snort is very good for being open source. Up to now, this isn't verified by any supporting authority but a lot of the IDS's out there are using the opensource technologies under the covers with proprietary changes. Look at sourcefire the underbelly is Snort (I know that Marty Roesch created Snort and started Sourcefire) but it is just an example of what technologies are using. Thank You, James T. Bohling, CCNA, Security+, MCP-Win2k Network Security Engineer - JBC CoE Joint C4ISR Battle Center (AMSEC) 116 Lake View Parkway Suffolk, VA 23435 (W) 757-638.4032 Web: www.jbc.jfcom.mil This email was produced and manufactured in America, and is a one-of-a-kind original. -----Original Message----- From: Luke Leboeuf [mailto:luke () arcsight com] Sent: Tuesday, November 25, 2003 1:04 PM To: Benjamin B. Williams; focus-ids () securityfocus com; firewalls () securityfocus com Subject: RE: ISS RealSecure/SiteProtector or another IDS/firewall client? By client based IDS do you mean host based IDS? If so, I would recommend Okena Stormwatch (now owned by Cisco) over ISS or even tripwire. What version of ISS are you looking towards? Realsecure 6.x or Siteprotector 2.X? Luke LeBoeuf ArcSight, Inc. (c) 571.331.3809 (e) luke () arcsight com http://www.arcsight.com CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute, notify the sender by E-Mail at the address shown and delete the original message along with any attachments. Thank you for your compliance -----Original Message----- From: Benjamin B. Williams [mailto:benw () gwu edu] Sent: Tuesday, November 25, 2003 11:23 AM To: focus-ids () securityfocus com; firewalls () securityfocus com Subject: ISS RealSecure/SiteProtector or another IDS/firewall client? Hey all - Has anyone had experience with ISS products, particularly their RealSecure line? We are planning for the upgrade (several years late) to Windows XP in our computer labs, and need a client-based firewall/IDS that can be centrally managed and has a decent logging system. RealSecure looks like a good choice for us, but I thought I'd ask if anyone's had experience or could recommend an (or several) alternates? Thanks, Benjamin B. Williams Senior Programmer/Analyst Computer Lab Support Services The Center for Academic Technologies The George Washington University (202) 412-4697 (m) (202) 994-7611 (p) (202) 994-3600 (f) "Una giornata senza riso รจ una giornata sprecata" --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- ISS RealSecure/SiteProtector or another IDS/firewall client? Benjamin B. Williams (Nov 25)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Alan Shimel (Nov 26)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Gwendolynn ferch Elydyr (Nov 26)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Jack Whitsitt (jofny) (Nov 26)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Mike Lyman (Nov 27)
- Re: ISS RealSecure/SiteProtector or another IDS/firewall client? Mike Lyman (Nov 26)
- <Possible follow-ups>
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Luke Leboeuf (Nov 25)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Sergey V. Gordeychik (Nov 26)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Bohling James CONT JBC (Nov 26)
- Re: ISS RealSecure/SiteProtector or another IDS/firewall client? Martin Roesch (Nov 27)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Teicher, Mark (Mark) (Nov 27)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Teicher, Mark (Mark) (Nov 27)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Chan Kien Eng (Nov 27)
- Re: ISS RealSecure/SiteProtector or another IDS/firewall client? Andrew Plato (Nov 27)
- RE: ISS RealSecure/SiteProtector or another IDS/firewall client? Alan Shimel (Nov 26)