comments in-line:
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 9:06 PM To: [EMAIL PROTECTED] Subject: Snort versus Cisco IDS [7:62939] Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE? ------------------------ i'm not at all surprised (mean no dis-respect to anyone).....the same reason cisco don't use ciscoworks for managing their internal production devices....the same reason m$ doesn't use their own source control software for coding.....in my opinion open source rules. linux, mrtg and snort are perfect examples. Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. -------------------- it depends whose talking ;-) But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console: -------------------- oh boy, this is a loaded question.....but since you asked, in my opinion i'm simply impressed by the rule sets that are being generated for snort as compared to cisco ids...perfect example was slammer worm virus. snort community had the rule set out in matter of couple hours. if need be you can even get commercial support for snort similar to linux and mrtg. one could argue between hardware and software ids solutions similar to hardware and software ipsec encryption solutions. we can talk about this all day ;-) ultimately its upto you to make that decision, weighing pros and cons of a product before making the investment (time/money/support/roi...etc). as you know, there's 10 different ways to skin a cat....there's no silver bullet ;-) rule #1: perfection is a myth, there's no perfect network. regards, /vicky Cisco Secure IDS DirectorHP OpenView Network Node Manager "plug-in" that runs on UNIX (Solaris and HP-UX) Cisco Secure Policy Manager (v2.2+)Windows NT-based package Thanks. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62964&t=62939 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]