Hi, I'm just curious about your multi-vendor solution. It must cost quite alot in order to have 3 IDS running. What about redundancy, if you are using dual switch/router/fw/ids, you would have a total of 6 IDS.
Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough. Albert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, February 21, 2003 7:53 PM To: [EMAIL PROTECTED] Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461] Hi Sean, I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the server themselves. You can never be paranoid enough about these sort of things. Each vendor has different exploits etc, so by implementing a multi vendor path to your critical servers, you protect yourself from any signle vendor specific exploit! Sean Kim wrote: > > Hello all, > > My company is thinking about installing an IDS (dedicated > appliance type) for our network. > As far as I know, the Real Secure and the Cisco IDS are two > biggest names out there. So I checked out the documents and > white papers provided by the each company, but I couldn't > really come up with what the differences are between them, and > which one is better suited for our network. > > Can anyone voice their opinion about these two IDS? > > Thanks, > > Sean Kim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63500&t=63461 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
