hi, it`s even worse than you thought.......
the unix director no longer exsists ....... the policy manager has now gone,and is now included as part of the new ciscoworks VPN/Secuirty 2.1 SUITE of software...and you can`t get it seperatly.. ......... the ids hook into OV simple report`s messages/error`s to the alarm server ....from there you can do what you would do with ordinary events (sms/email) the blade`s themselfs are REALLY good ,because they sit on the backplane of your core and see EVERYTHING ... they drop less packets than other hardware probes (from MY experience ) and have no Boundaries.....(ie broadcast domain )...again this is all from my experience the software... hmmm... the onboard (as it is just a solaris box) is quite good and the event browser is OK... the way we have done it is to put a total of 2 cards into both our core`s and have them report to CW2k LMS ..for some sys messages OV 6.2 for alert`s IEV for alert`s .. our server team uses ISS Realsecure and we might forgo the IEV and pump alarm`s to that as it has a better alarm/report browser tool .. regards steve ----- Original Message ----- From: "Priscilla Oppenheimer" To: Sent: Thursday, February 13, 2003 5:06 AM Subject: Snort versus Cisco IDS [7:62939] > Someone told me in an authoritative voice today that Cisco doesn't recommend > their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a > big part of SAFE? > > Of course, the person who said this doesn't understand that Cisco is a huge, > chaotic organism, and that saying Cisco does something based on what one > person does, doesn't make sense. > > But I'm just curious, what do you all recommend for intrusion detection? How > do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more > complicated, requiring appliances or IDS cards in a switch and a console: > > Cisco Secure IDS Director-HP OpenView Network Node Manager "plug-in" that > runs on UNIX (Solaris and HP-UX) > > Cisco Secure Policy Manager (v2.2+)-Windows NT-based package > > Thanks. > > Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63038&t=62939 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
