We are using NetProwler, the son of IDTrak. Seems to work well and has tight hooks into Firewall1, which we found useful. Porting user-defined reports to .html is also a useful way to keep exec's informed without them needing to touch the system. Wayde R. York [EMAIL PROTECTED] O-703.295.0236 / P-877.831.6560 Web http://www.eds-dlct.com PGP Key http://pgpkeys.mit.edu:11371 > -----Original Message----- > From: Bard, Heather [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, June 03, 1999 8:24 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: IDS > > >It anyone using intruder detection programs out there? Any > >recommendations? > > > > If there is an IDS list these questions would be more appropriate there... > > We are using both ISS Real Secure and Cisco's Net Ranger Director - there > are pluses and minuses for both. Both have GUI based management, both are > non-intrusive (monitor the network traffic on the side without having the > packets stop at the machine while they are being inspected). > > ISS Real Secure is somewhat more robust and currently allows automatic > changes to certain Firewall products i.e. FW-1, and is good for a local > monitoring situation. It currently does not have the capabilites for > multiple locations of monitoring (a hierarchy), due to the encryption > between detection tool and manager. And is somewhat more difficult to > learn. It is recommended that both peices run on their own boxes due to > the > amount of traffic. > > http://www.iss.net/prod/rs.php3 > > Net Ranger Director is currently only available as a plug in to HPOV > (solaris or nt), but will be available as a standalone in the future. The > sensor can be a standalone box (solaris) or in July as a component on > certain Cisco routers in a slightly reduced capacity. NRDirector does > allow > for a heirarchy, and event correlation to a higher manager to reduce > bandwidth usage. > > http://www.cisco.com/warp/public/cc/cisco/mkt/security/nranger/prodlit/net > ra > _ov.htm > > As with any Security product you need to evaluate the products and based > on > your system needs determine what you need to use. > > Heather Bard > GTE > Systems Security Engineer > > ------------------------------------------ > All above statements are personal opinion. > ------------------------------------------ > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
