I agree with your three-part synopsis, although I would add that the
consolidation of this information to a central point for analysis, so all
components can be analysed as one, is arguably a fourth. As for who does this,
as far as I can tell (and please correct me if I've missed a feature of a
product):
1. NAI, Axent, ISS, Cisco on Cisco devices
2. NFR, ISS, Axent, Cisco
3. ISS, NAI
NAI is releasing a network probe 'soon'. There are of course other products
that fit the individual categories, especially in the Host IDS and scanner
areas.
Regards,
Ralph Pyne.
-----------------------------------------------
Yeah, I was wondering the same thing. I have Cybercop Server on my desk,
which looks like a pretty fair host IDS, provided it works as per the manual
(just like Gauntlet 5? *poke poke*), but I don't know about calling it a
network IDS. I haven't run across Cybercop Monitor (mentioned in Ty's .sig)
in any of the NAI stuff I've seen, but that could just be because nobody
ships any decent &^$%&^$ software to Australia ;)
Then again, I'm woefully underinformed about what's out there and what it
can do. How about someone enlighten me?
I guess there are three components to a decent IDS:
1. Host based, which should be able to protect / restore core components,
have real logging / alerts etc etc
2. Network "sniffer" based, which watch the network for suspicious activity,
even when the activity is not aimed at the monitoring station
3. Vulnerability testers, port scanners, network mappers, et al., which are
used to baseline and audit but are of limited use once the network has been
"secured"
Whose stuff does what?
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Ph: +61 8 8422 8319 Mb: +61 414 411 520