There is a Windows port of Snort, but I've never used it, so I can't tell
you much about it from personal experience.
Those I know who've tried it usually recommend sticking with Unix.

Your mileage may vary, but you might have an easier time getting Snort
running on FreeBSD since there's a very good whitepaper at snort.org that
details installation on FreeBSD.



At 05:19 PM 2/13/2003 +0000, you wrote:
>Thanks for all the replies. It's very helpful to get a feel for the
>differences. To quickly synthesize what I've read, I would say that Cisco's
>IDS is an enterprise, end-to-end solution, with improving reliability and
>ease-of-use. Snort, on the other hand, is more appropriate for the midsize
>or smaller companies with Unix expertise and has all the advantages of an
>open-source project, but has some ease-of-use "issues" of its own.
>
>I have a low-cost computer on order. I'm going to squeeze Windows XP into a
>small partition (should just wipe it out maybe? ;-) and install Red Hat and
>learn Linux better. I'll be tearing my hair out I'm sure! But before long,
>I'll have Snort running too.
>
>I guess it only runs on UNIX platforms?
>
>Priscilla
>
>Carroll Kong wrote:
> >
> > Backing up what Craig said, Snort is probably better performing in
> > terms of cost/performance than almost all the IDSes out there,
> > including Cisco.  It does not have an end-to-end solution to make
> > one's life easier though, at least not out of the box.
> >
> > Of course, you will need some sort of a Unix background to set it up,
> > and I do not mean installing Solaris with GUI tools.  Pretty easy to
> > anyone who has worked with a FreeBSD or a Linux box (without using
> > GUI all over the place and/or rpms everywhere).  The idea of no GUI
> > is probably quite daunting to "enterprise" level engineers.
> >
> >
> > You COULD make it have a lot of the "enterprise level" features, but
> > it requires a lot of work on your part, and of course no commercial
> > support, so you are on your own.  (So, add this to your end cost...)
> >
> > If you want a GUI frontend to Snort, you can try Demarc, or what they
> > call themselves "PureSecure" now.  There are also some freeware
> > analyzers, but Demarc/PureSecure is definitely one of the nicest
> > ones.  Albeit, it had some bugs, fortunately since they give you
> > their cgis, if you know some perl, you can patch it yourself before
> > they get around to it.  (unless they changed this behavior, the last
> > I used was 1.05).
> >
> > PureSecure DOES charge for commercial usage, which I suppose puts a
> > damper on it.  Their licensing is a bit ridiculous.  However, the
> > pricing should still be very competitive.
> >
> > It's a mixed bag, but if you know your Unix, seems like Snort is a
> > much cheaper (if you know Unix and programming very well, the
> > disadvantages aren't that big) IDS solution.
> >
> > If you don't, oh well, like all things in life, pay the price for
> > one's ignorance.  :)
> >
> > > Someone told me in an authoritative voice today that Cisco doesn't
> > > recommend their IDS. They recommend Snort. Is this really true?
> > > Isn't Cisco's IDS a big part of SAFE?
> > >
> > > Of course, the person who said this doesn't understand that Cisco
> > > is a huge, chaotic organism, and that saying Cisco does something
> > > based on what one person does, doesn't make sense.
> > >
> > > But I'm just curious, what do you all recommend for intrusion
> > > detection? How do Snort and Cisco IDS compare? I guess Cisco's
> > > solution is a bit more complicated, requiring appliances or IDS
> > > cards in a switch and a console:
> > >
> > > Cisco Secure IDS Director: HP OpenView Network Node Manager
> > > "plug-in" that runs on UNIX (Solaris and HP-UX)
> > >
> > > Cisco Secure Policy Manager (v2.2+): Windows NT-based package
> > >
> > > Thanks.
> > >
> > > Priscilla
> > -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62977&t=62939