Yeah, I was wondering the same thing. I have Cybercop Server on my desk,
which looks like a pretty fair host IDS, provided it works as per the manual
(just like Gauntlet 5? *poke poke*) but I don't know about calling it a
network IDS. I haven't run across Cybercop Monitor (mentioned in Ty's .sig)
in any of the NAI stuff I've seen, but that could just be because nobody
ships any decent &^$%&^$ software to Australia ;)

Then again, I'm woefully underinformed about what's out there and what it
can do. How about someone enlighten me?

I guess there are three components to a decent IDS:

1. Host based, which should be able to protect / restore core components,
have real logging / alerts etc etc
2. Network "sniffer" based, which watches the network for suspicious activity,
even when the activity is not aimed at the monitoring station
3. Vulnerability testers, port scanners, network mappers, et al which are
used to baseline and audit but are of limited use once the network has been
"secured"

Whose stuff does what?

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Ph: +61 8 8422 8319            Mb: +61 414 411 520


> -----Original Message-----
> From: Carric Dooley [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 09, 1999 2:18 AM
> To: Mellon, Ty
> Cc: 'SiOL CERT'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Net Ranger vs. RealSecure vs. NFR
> 
> 
> Oh wow, has the CyberCop IDS piece been released yet?  I was not aware if
> it had.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
