I have to concur with Anan with how nice the new interfaces are to maneuver. Last week I had the pleasure of taking the new IDS course version 3.0 and had a chance to work with the parts. They were fairly easy to learn and produce results. If you only have a few sensors, the IEV (IDS Event Viewer) seemed to be fairly logical. If you have a combination of host-based sensors (Entercept), appliances (Solaris-based), the 65xx blade sensor (similar to a well known operating system), PIX and IOS-based IDS, the information can all be funneled into the CW2K VMS plug-in. From what I learned, you do not need to already have CW2K. The package installs the "common services" so that you can manage everything from it.
Knowing that the appliance works on a Unix platform, it may well be very similar to SNORT. It would be nice to hear from someone that has used both to see if this is a fair statement. I have not worked with SNORT and will be the last person to say it is not useful. Over the next few months I may venture to learn it so I can make an informed decision. But overall, coming from a "void of IDS knowledge" standpoint, I did find Cisco's product fairly easy to set up and use.

Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62950&t=62939