Carric writes:
>The main advantages to NFR are it's speed and adaptability. A
>disadvantage may be it's adaptability. =) You will need someone on staff
>with some programming skills to build the custom scripts you may want to
>add to the existing NFR package.
By the way, that's not necessary anymore. With the commercial
version of the NFR you get a complete set of ID filters written
by the folks at L0pht Heavy Industries and NFR. There are also
filter sets available from our other resellers as added value.
If you want completely custom scripts, you can develop them
yourself or modify the ones that come with the appliance. So
it's a completely open system with a lot of pre-configured
top-notch detection logic: the best of both worlds.
We've also done a lot to make installation easier. Instead of
having to install UNIX or NT, patch it, secure it, and then
install software on top of it, the NFR appliance installation
looks like this:
1) Take a system in our supported configuration
2) Put the NFR CD in the CDROM drive
3) Turn it on
4) Answer a page of questions
... and you have a fully functioning IDS. (I left "plug it in"
as an exercise for the reader)
Upgrading looks like this:
1) Shut down the system
2) Replace the CDROM
3) Hit "reset"
The whole system runs off the CDROM, so it's tamper-proof. The
hard disk is used to store data and mirror filter rules from
the central repository.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
