IDS mailing list archives
Re: IDS Opinions
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 7 Jun 2004 21:58:58 +0530
On 02/06/04 11:05 +0530, manish wrote: <snip>
options then the best fit will be Snort or CA. Snort is a freeware with ability to perform signature based and contact based intrusion detection. can work in inline or stealth mode. Can integrate with any firewall you can think of. Works on Linux machine. Doen not require high memory or CPU. Can perform wide range of responces. But U need little expertise on Linux for that.
If you are running any IDS, you should have extremely good knowledge of your chosen platform to run the IDS on. AFAIK, Snort runs on almost any Unix and not just Linux. I would not dare to run any IDS on MS Windows, for the simple reason that I do not have enough understanding of MS Windows to do that properly.
CA is Windows based IDS and has integrated Antivirus, URL Filter, and Content Inspection which are addons to the product. Highly user friendly and provide wide range of options. Problem is a little costl;y and works in low range loads only and requires high CPU and memory.
Any analyser needs gobs of CPU and RAM. If I may suggest it, the antivirus and URL filtering capabilities belong to a firewall, not an IDS. Devdas Bhagat --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- RE: IDS Opinions Harper, Patrick (Jun 01)
- <Possible follow-ups>
- RE: IDS Opinions Danislav Kostov (Jun 01)
- RE: IDS Opinions Martin (Jun 02)
- Re: IDS Opinions manish (Jun 02)
- Re: IDS Opinions Devdas Bhagat (Jun 14)
- RE: IDS Opinions Steve Massa (Jun 02)
- RE: IDS Opinions NTL World - Chris Standard (Jun 18)
- RE: IDS Opinions fr0ck9 (Jun 02)
- Re: IDS Opinions mills (Jun 02)
- Re: IDS Opinions Nik Schild (Jun 07)
- Re: IDS Opinions Brian (Jun 07)
- Re: IDS Opinions gcb33 (Jun 07)
- Re: IDS Opinions Greg Martin (Jun 09)
- FW: IDS Opinions Madalin Bratu (Jun 21)