IDS mailing list archives

RE: IDS ISS


From: <PPowenski () oag com>
Date: Wed, 25 May 2005 08:47:03 +0100

Wholeheartedly agree....
Have had several years experience with ISS.
Snort has been solid here for over two years, updates to the current
release have been performed since 1.8.7 which have been smooth, reliable
and very flexible. Upgraded from ACID to BASE and now setting up SGUIL
again with no difficulties.
Sourcefire is doing some very interesting and innovative work with Snort
as its detection engine.

If you plan on pursuing ISS look very, very, carefully at the setup,
restrictions i.e. what parts can be loaded onto a single box and what
order they need to be installed and upgraded, architecture requirements,
and how much work it will be to keep it running.

Have setup Snort on every platform that it is distributed for, in every
combination i.e. web, db, on the sensor or on another box and have not
had any issues. You need to consider performance and the amount of
traffic for various configurations.






-----Original Message-----
From: Joel Esler [mailto:eslerj () gmail com] 
Sent: 20 May 2005 12:58
To: THolman () toplayer com
Cc: anatole.berteau () turbomeca fr; focus-ids () securityfocus com
Subject: Re: IDS ISS


I concur.  I would always go with Snort over ISS any day.  I've tested
and ran both at the same time on the same network, and Snort not only
outperforms, but it would be much easier to look at the data and
configure the IDS.  (Or IPS..  Look into Snort-inline)

Joel Esler

On May 19, 2005, at 8:11 PM, THolman () toplayer com wrote:

Hi Anatole,

What was wrong with Snort?
There are plenty of implementations possible and it is highly tunable, plus
you get to see the signatures.
If it's performance you're worried about, consider running on a platform
such as SourceFire.
Is it purely a detection-based solution you're looking for, or do you have
the means to prevent intrusions inline already?

Regards,

Tim

-----Original Message-----
From: Berteau Anatole [mailto:anatole.berteau () turbomeca fr]
Sent: 17 May 2005 17:03
To: focus-ids () securityfocus com
Subject: IDS ISS



Hello,

I'm testing IDS solution. After Snort, I'm beginning to work with ISS.

What's the minimum architecture to use ISS? Is it possible to use only a
network sensor? If this solution is available, what's the solution to
consult alerts?

Thanks

Anatole

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------




