>It anyone using intruder detection programs out there? Any >recommendations? > If there is an IDS list these questions would be more appropriate there... We are using both ISS Real Secure and Cisco's Net Ranger Director - there are pluses and minuses for both. Both have GUI based management, both are non-intrusive (monitor the network traffic on the side without having the packets stop at the machine while they are being inspected). ISS Real Secure is somewhat more robust and currently allows automatic changes to certain Firewall products i.e. FW-1, and is good for a local monitoring situation. It currently does not have the capabilites for multiple locations of monitoring (a hierarchy), due to the encryption between detection tool and manager. And is somewhat more difficult to learn. It is recommended that both peices run on their own boxes due to the amount of traffic. http://www.iss.net/prod/rs.php3 Net Ranger Director is currently only available as a plug in to HPOV (solaris or nt), but will be available as a standalone in the future. The sensor can be a standalone box (solaris) or in July as a component on certain Cisco routers in a slightly reduced capacity. NRDirector does allow for a heirarchy, and event correlation to a higher manager to reduce bandwidth usage. http://www.cisco.com/warp/public/cc/cisco/mkt/security/nranger/prodlit/netra _ov.htm As with any Security product you need to evaluate the products and based on your system needs determine what you need to use. Heather Bard GTE Systems Security Engineer ------------------------------------------ All above statements are personal opinion. ------------------------------------------ - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
