Gee.. Um, ISS? =)
If you get RealSecure and their Internet Scanner you have that whole range
covered. They use a combination of host-based and network probe type
engines to monitor what is on the wire as well as protecting key hosts.
The scanner does EXTENSIVE vulnerability testing on most any platform that
runs IP (not AS400 or mainframe however other than common poor IP
configuration type exploits).
One drawback however is that they do not give the tools away for free.
Prepare yourself for sticker shock. Keeping things in perspective
however, would you rather own a Rolls Royce or a Yugo? You really do get
what you pay for.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Fri, 9 Jul 1999, Ben Nagy wrote:
> Yeah, I was wondering the same thing. I have Cybercop Server on my desk,
> which looks like pretty fair host IDS, provided it works as per the manual
> (just like Gauntlet 5? *poke poke*) but I don't know about calling it a
> network IDS. I haven't run across Cybercop Monitor (mentioned in Ty's .sig)
> in any of the NAI stuff I've seen, but that could just be because nobody
> ships any decent &^$%&^$ software to Australia ;)
>
> Then again, I'm woefully underinformed about what's out there and what it
> can do. How about someone enlighten me?
>
> I guess there are three components to a decent IDS:
>
> 1. Host based, which should be able to protect / restore core components,
> have real logging / alerts etc etc
> 2. Network "sniffer" based, which watch the network for suspicious activity,
> even when the activity is not aimed at the monitoring station
> 3. Vulnerability testers, port scanners, network mappers, et al which are
> used to baseline and audit but are of limited use once the network has been
> "secured"
>
> Whose stuff does what?
>
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> Ph: +61 8 8422 8319 Mb: +61 414 411 520
>
>
> > -----Original Message-----
> > From: Carric Dooley [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, July 09, 1999 2:18 AM
> > To: Mellon, Ty
> > Cc: 'SiOL CERT'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: RE: Net Ranger vs. RealSecure vs. NFR
> >
> >
> > Oh wow, has the CyberCop IDS piece been released yet? I was
> > not aware if
> > it had.
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
