Re: Which GIDS to use? Snort-inlie, snortsam or hogwash?

[Frank Knobbe <fknobbe () knobbeits com>]

On Thu, 2003-01-16 at 18:55, Jason Silverglate wrote:
> Which GIDS to use? Snort-inlie, snortsam or hogwash?
>
> What are the benefits of each?  what are the downsides?

Just for the record, SnortSam is not a GIDS. Snort-Inline and Hogwash to
the filtering/blocking on that Snort box. SnortSam just collects
blocking requests from several Snort boxes and passes them to
firewalls/routers to block there. Completely different in nature.

And that is one of the benefits. If you want you 20 Cisco PIXes, 10
Netscreens, and 55 Checkpoint firewalls in your enterprise wide LANS all
over the world, all at the same time block out an intruder (in essence,
close all your Internet, partner, and links or whatever) for a defined
period of time, then SnortSam is for you. It does not block on the Snort
box itself, it just acts as a proxy to control other devices.

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part