Otherwise, you have nothing ...
(quite literally)
Thanks!
TJ
[EMAIL PROTECTED]
-Original Message-
From: Jim Brown [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 11:27 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Come on now, the slammer
Thank you very much everybody.
I think I have received some valuable info/background to get myself
started.
Sean
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63608t=63461
--
FAQ, list archives, and subscription info:
PROTECTED] On Behalf Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Troy,
Must be some secure site, reason I was interested is that I had a discussion
with someone else before in regards to multi-vendor IDS
: RE: ISS Real Secure Vs Cisco IDS [7:63461]-Automated IDS
[7:63557]
I cut out some of the other messages to concentrate on one issue,
automated IDS responses. If your automated IDS responses result in an
automated packet filter of any sort, I think you are doing yourself
a disservice. You
Sean Kim wrote in message
news:[EMAIL PROTECTED]...
Hello all,
My company is thinking about installing an IDS (dedicated appliance type)
for our network.
As far as I know, the Real Secure and the Cisco IDS are the two biggest names
out there.
Actually, the biggest name of
Hi Sean,
I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
Snort on the servers themselves. You can never be paranoid enough about
these sorts of things. Each vendor has different exploits etc, so by
implementing a multi vendor path to your critical servers, you protect
once the IDS detects an attack? Logging it into the syslog server is
not enough.
Albert
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 7:53 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Sean,
I
: Friday, February 21, 2003 7:53 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Sean,
I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
Snort on the servers themselves. You can never be paranoid enough about
these sorts of things
You can span/mirror 2 ports into one so we only have one set at each ISP
connection.
Most of the action is manual with the exception of some fairly proven
exploits that we use ISS kills to handle, such as Napster traffic ( not a
big deal now that it's gone ), gnutella, code red, DNS I-queries,
, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
As with most things, you need to weigh up costs against your requirements. In
our case, security is absolutely essential, so having a multivendor security
solution (and indeed fully redundant) is costly
There are some papers comparing IDS solutions (Cisco, ISS, Snort, etc) on
NSS.
They did a good job.
http://www.nss.co.uk/
Paulo Roque
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63510t=63461
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
As with most things, you need to weigh up costs against your requirements. In
our case, security is absolutely essential, so having a multivendor security
solution (and indeed fully redundant) is costly, but we see
Albert Lu wrote in message news:[EMAIL PROTECTED]
how quickly can you respond to your alerts? Since for some attacks, a half
hour response time could cause your site to be down (eg. slammer virus). If
that was the case, even if you had all the vendor's IDS, it will be useless.
Just to soapbox
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 22, 2003 1:51 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Albert,
We have 24x7 cover so that response time is pretty quick. (and a very well
defined escalation procedure).
However
Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Troy,
Must be some secure site, reason I was interested is that I had a discussion
with someone else before in regards to multi-vendor IDS solutions and how
effective
You are correct. That's why security should be a belt and suspenders
approach.
For the Code red stuff, SQL slammer, etc, we just used NBAR on Cisco to drop
the packets.
http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml#1
ISS gets some stuff, Checkpoint is good at getting some other
Hello all,
My company is thinking about installing an IDS (dedicated appliance type)
for our network.
As far as I know, the Real Secure and the Cisco IDS are the two biggest names
out there. So I checked out the documents and white papers provided by
each company, but I couldn't really come up
One fact to take into account, Cisco's IDS can interact with a router or a Pix
(assuming the said router/pix is between the IDS and the public network) and
modify acl for incoming traffic to deny IP traffic from intruder's IP
address, you can set up how much time the intruder's IP will be blocked.
I use ISS, NFR and Checkpoint for IDS stuff but am looking into doing Cisco
IDS on CAT 6500 stuff.
I would get all of 'em if you can afford it. Each has missed stuff and has
faults in one way or another.
I tried the Cisco stuff 2 years ago and thought it was at the bottom of the
heap then. Am