IDS mailing list archives

Re: IDS Opinions


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 7 Jun 2004 21:58:58 +0530

On 02/06/04 11:05 +0530, manish wrote:
<snip>
> options then the best fit will be Snort or CA. Snort is a freeware with
> ability to perform signature based and contact based intrusion
> detection. Can work in inline or stealth mode. Can integrate with any
> firewall you can think of. Works on Linux machine. Does not require high
> memory or CPU. Can perform wide range of responses. But you need little
> expertise on Linux for that.

If you are running any IDS, you should have extremely good knowledge of
your chosen platform to run the IDS on.
AFAIK, Snort runs on almost any Unix and not just Linux. 
I would not dare to run any IDS on MS Windows, for the simple reason that I
do not have enough understanding of MS Windows to do that properly.

> CA is Windows based IDS and has integrated Antivirus, URL Filter, and
> Content Inspection which are addons to the product. Highly user friendly
> and provide wide range of options. Problem is a little costly and works
> in low range loads only and requires high CPU and memory.

Any analyser needs gobs of CPU and RAM. 

If I may suggest it, the antivirus and URL filtering capabilities belong
to a firewall, not an IDS.

Devdas Bhagat
