I use ISS, NFR and Checkpoint for IDS stuff but am looking into doing Cisco IDS on CAT 6500 stuff.
I would get all of 'em if you can afford it. Each has missed stuff and has faults in one way or another. I tried the Cisco stuff 2 years ago and thought it was at the bottom of the heap then. Am going to eval it next month for a month to see what it's like now.

My IDS approach has been to stage NFR on the outside of the firewall, Checkpoint Firewall-1's IDS runs on the firewall, and have ISS after the firewall to whack anything else that gets through. Since ISS can tie into the firewall, that works for some weird cases but, as a rule, I am very careful on how I use that feature as you can DoS yourself if you are not careful, and the intruders can use it against you as well.

I am thinking of using Cisco IDS on the CAT6500 (core of network) with little or no signatures at first and only put signatures on them when a situation occurs such as Code Red, SQL Snake, etc., until the network is clean and then remove it again, or something in that line of thinking anyway.

Anyway, that's my line of thought....... YMMV (Your Mileage May Vary) and just my .02 worth, etc., etc., .......... ;-)

Scotty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63474&t=63461
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
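The caveat about IDS-to-firewall tie-ins above (that an automatic block can take your own network down, or be triggered on purpose against hosts you depend on) is the kind of thing that is worth enforcing in code rather than by habit. The following is an added example written for this page, not code from Scotty, ISS, Checkpoint or Cisco; it assumes a hypothetical alert format (a dict with `src` and `sig` keys), constructed signature names and constructed address ranges, and shows a guard that sits between the IDS and the firewall: it refuses to auto-block infrastructure addresses, only honours signatures judged reliable enough, and suspends auto-blocking for human review when the rate of new blocks exceeds a threshold.

```python
"""Guard logic in front of an IDS-to-firewall auto-block ("shun") feature.

Hypothetical example, not vendor code. Alerts are dicts with 'src' and 'sig'
keys (a constructed format), and decisions are returned rather than applied.
"""
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed allowlist: addresses the IDS must never ask the firewall to block,
# because losing them would be the self-inflicted DoS the post warns about.
NEVER_SHUN = [
    ip_network("10.0.0.0/24"),    # assumed: core router / firewall interfaces
    ip_network("10.0.1.0/24"),    # assumed: DNS, NTP and management hosts
    ip_network("192.0.2.0/24"),   # placeholder: partner range (TEST-NET-1)
]

# Constructed names: only signatures with a low false-positive rate may trigger a block.
SHUN_SIGNATURES = {"code-red-worm", "sql-snake-scan"}


class ShunPolicy:
    """Decide whether an alert may become a firewall block."""

    def __init__(self, max_shuns, window_seconds):
        self.max_shuns = max_shuns      # new blocks allowed per window
        self.window = window_seconds
        self.recent = deque()           # timestamps of blocks issued
        self.blocked = set()
        self.tripped = False            # once set, only a human resets it

    def decide(self, alert, now):
        """Return (action, reason); action is 'shun', 'skip' or 'review'."""
        src = ip_address(alert["src"])
        if alert["sig"] not in SHUN_SIGNATURES:
            return ("skip", "signature not eligible for auto-block")
        if any(src in net for net in NEVER_SHUN):
            # A spoofed source on the allowlist must never cause a block.
            return ("skip", "source is on the never-shun list")
        if src in self.blocked:
            return ("skip", "already blocked")
        # Forget blocks that fall outside the rate-limit window.
        while self.recent and now - self.recent[0] > self.window:
            self.recent.popleft()
        if self.tripped or len(self.recent) >= self.max_shuns:
            # A burst of shun-worthy alerts is exactly what an attacker would
            # generate to turn the feature against you; stop and escalate.
            self.tripped = True
            return ("review", "shun rate limit exceeded; auto-block suspended")
        self.recent.append(now)
        self.blocked.add(src)
        return ("shun", f"block {src}")


def run_sample():
    """Feed constructed alerts through the policy and return the actions taken."""
    policy = ShunPolicy(max_shuns=3, window_seconds=60)
    alerts = [  # constructed sample input
        (0, {"src": "203.0.113.5", "sig": "code-red-worm"}),   # shun
        (1, {"src": "10.0.1.2", "sig": "code-red-worm"}),      # skip: DNS host
        (2, {"src": "203.0.113.5", "sig": "code-red-worm"}),   # skip: duplicate
        (3, {"src": "203.0.113.6", "sig": "port-scan"}),       # skip: not eligible
        (4, {"src": "203.0.113.7", "sig": "sql-snake-scan"}),  # shun
        (5, {"src": "203.0.113.8", "sig": "sql-snake-scan"}),  # shun (3rd in window)
        (6, {"src": "203.0.113.9", "sig": "sql-snake-scan"}),  # review: limit hit
        (7, {"src": "203.0.113.10", "sig": "sql-snake-scan"}), # review: still tripped
    ]
    return [policy.decide(alert, t)[0] for t, alert in alerts]


if __name__ == "__main__":
    for action in run_sample():
        print(action)
```

The rate limit is deliberately conservative: when it trips, the guard stays in review mode until an operator clears it, since a system that quietly resumes blocking is one an attacker can keep driving.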