Re: IDS Opinions

[manish <mawasthi () hclinsys com>]

Dear All,

I will strongly recommend to keep in view what you are looking for and
what is the throughput requirement for the IDS. If you are looking for
the basic 10/100 Mbps then the option can be follows : -

Cisco
Enterasys Dragon
CA
Manhunt
Snort
tipping point
Realsecure.

If you are looking for High end stuff say in Gbps range you have to
consider the following options: -
Netscreen
ISS Proventia
Macfee's Intrushield
Manhunt
Cisco ( only till 1 Gbps)
Stonegte

If you are looking for a small business environment with not many users
( 200-500) and looking for cheaper, stable product with more many
options then the best fit will be Snort or CA. Snort is a freeware with
ability to perform signature based and contact based intrusion
detection. can work in inline or stealth mode. Can integrate with any
firewall you can think of. Works on Linux machine. Doen not require high
memory or CPU. Can perform wide range of responces. But U need little
expertise on Linux for that.
CA is Windows based IDS and has integrated Antivirus, URL Filter, and
Content Inspection which are addons to the product. Highly user friendly
and provide wide range of options. Problem is a little costl;y and works
in low range loads only and requires high CPU and memory.

Manish Awasthi
Network Security Consultant
HCL Infosystems Ltd.



> Hi to all of you!
> I've tried CA-IDS: http://www.ca.com/
> Very nice tool with a lot of gadgets BUT:
> Still expensive for some companies (license based on the connections),
> Needs a lot of power (CPU+RAM) to take advantage of all the functions...
> I recommend you to download the trial and test it yourself... and PLS, share
> your opinion after that.
>
> Best Regards,
> Danislav Kostov
>
> -----Original Message-----
> From: Tarek Amr Abdullah [mailto:tabdullah () salec com eg] 
> Sent: Sunday, May 30, 2004 10:39 AM
> To: focus-ids () securityfocus com
> Subject: RE: IDS Opinions
>
> Crayola,
>
> I recommend either ISS Proventia or Juniper NetScreen IDP. As I am not
> with deploying IDSs unless they are high quality and reliable. Otherwise
> if you choosed "Sourcefire's, Dragon (Enterasys), and Symantec's
> manhunt." For financial reasons. Then I think you may deploy Snort
> instead as it is open source, and also sourcefire is built upon snort. 
>
> Best Regards,
> Tarek Amr Abdallah
>
> -----Original Message-----
> From: crayola () optonline net [mailto:crayola () optonline net] 
> Sent: Friday, May 28, 2004 10:23 PM
> To: focus-ids () securityfocus com
> Subject: IDS Opinions
>
> Folks, 
>
> I am currently in the middle of an RFP process to buy a new Network ids 
> system for my company. I have narrowed it down to 
>
> Sourcefire's, Dragon (Enterasys), and Symantec's manhunt. 
>
> I would love to hear your opinions about these products if you use or 
> have used them. Anything you can share would be great. I am really
> looking 
> for some nonsales type opinions about how they work in the real world. 
>
> Thanks, 
> Mike
>
>
> ------------------------------------------------------------------------
> ---
>
> ------------------------------------------------------------------------
> ---
>
>
> ---------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
>
>
>
> ---------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
>
>  


--
Thanks and Regards

Manish Awasthi mawasthi () hclinsys com
Network Security Consultant,
HCL Infosystems Ltd.
E-4,5,6, Sector-11,Noida

Phone : 91-95120-2538953
FAX   : 91-95120-2550923
Mobile: 91-9891663832



---------------------------------------------------------------------------

---------------------------------------------------------------------------