RE: Snort versus Cisco IDS [7:62939]

Thu, 13 Feb 2003 08:00:15 -0800 

comments in-line:


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 9:06 PM
To: [EMAIL PROTECTED]
Subject: Snort versus Cisco IDS [7:62939]


Someone told me in an authoritative voice today that Cisco doesn't recommend
their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
big part of SAFE?
------------------------
i'm not at all surprised (mean no dis-respect to anyone).....the same reason
cisco don't use ciscoworks for managing their internal production
devices....the same reason m$ doesn't use their own source control software
for coding.....in my opinion open source rules. linux, mrtg and snort are
perfect examples.



Of course, the person who said this doesn't understand that Cisco is a huge,
chaotic organism, and that saying Cisco does something based on what one
person does, doesn't make sense.
--------------------
it depends whose talking ;-)



But I'm just curious, what do you all recommend for intrusion detection? How
do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
complicated, requiring appliances or IDS cards in a switch and a console:
--------------------
oh boy, this is a loaded question.....but since you asked, in my opinion i'm
simply impressed by the rule sets that are being generated for snort as
compared to cisco ids...perfect example was slammer worm virus. snort
community had the rule set out in matter of couple hours. if need be you can
even get commercial support for snort similar to linux and mrtg. one could
argue between hardware and software ids solutions similar to hardware and
software ipsec encryption solutions. we can talk about this all day ;-)

ultimately its upto you to  make that decision, weighing pros and cons of a
product before making the investment (time/money/support/roi...etc). as you
know, there's 10 different ways to skin a cat....there's no silver bullet
;-)


rule #1: perfection is a myth, there's no perfect network.


regards,
/vicky



Cisco Secure IDS DirectorHP OpenView Network Node Manager "plug-in" that
runs on UNIX (Solaris and HP-UX)

Cisco Secure Policy Manager (v2.2+)Windows NT-based package

Thanks.

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62964&t=62939
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to