One fact to take in account, Cisco's IDS can interact with a router or a Pix
(assuming the said router/pix is between the IDS and the public network) and
modify acl for incoming traffic to deny IP traffic from intruder's IP
address, you can set up how much time the intruder's IP will be blocked.
R
I use ISS, NFR and Checkpoint for IDS stuff but am looking into doing Cisco
IDS on CAT 6500 stuff.
I would get all of 'em if you can afford it. Each has missed stuff and has
faults in one way or another.
I tried the Cisco stuff 2 years ago and thought it was at the bottom of the
heap then. Am goin
""Sean Kim"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello all,
>
> My company is thinking about installing an IDS (dedicated appliance type)
> for our network.
> As far as I know, the Real Secure and the Cisco IDS are two biggest names
> out there.
Actually, the biggest n
Hi Sean,
I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
Snort on the server themselves. You can never be paranoid enough about
these sort of things. Each vendor has different exploits etc, so by
implementing a multi vendor path to your critical servers, you protect
your
take once the IDS detects an attack? Logging it into the syslog server is
not enough.
Albert
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 7:53 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Sea
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS modul
You can span/mirror 2 ports into one so we only have one set at each ISP
connection.
Most of the action is manual with the exception of some fairly proven
exploits that we use ISS "kills" to handle, such as Napster traffic ( not a
big deal now that it's gone ), gnutella, code red, DNS I-queries, e
riday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
As with most things, you need to way up costs againts your requirements. IN
our case, security is absolutely essential, so having a multivendor security
solutions (and indeed fully redundant) is c
There are some papers comparing IDS solution (Cisco, ISS, Snort, etc) on
NSS.
The did a good job.
http://www.nss.co.uk/
Paulo Roque
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63510&t=63461
--
FAQ, list archives, and subscri
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 10:57 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> As with most things, you need to way up costs againts your
> requirements. IN
> our case, sec
""Albert Lu"" wrote in message news:[EMAIL PROTECTED]
> how quickly can you respond to your alerts? Since for some attacks, a half
> hour response time could cause your site to be down (eg. slammer virus).
If
> that was the case, even if you had all the vendor's IDS, it will be
useless.
Just to so
s game.
Regards,
Albert
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 22, 2003 1:51 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Albert,
We have 24x7 cover so that response time is pretty quick. (and a ve
ilto:[EMAIL PROTECTED] On Behalf Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Troy,
Must be some secure site, reason I was interested is that I had a
discussion
with someone else before in regards to multi-vendor IDS so
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Troy,
Must be some secure site, reason I was interested is that I had a
discussion
with someone else before in regards to
You are correct. That's why security should be a "belt and suspenders"
approach.
For the Code red stuff, SQL slammer, etc, we just used NBAR on Cisco to drop
the packets.
http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml#1
ISS gets some stuff, Checkpoint is good at getting some other st
Thank you very much everybody.
I think I have received some valuable info/background to get myself
started.
Sean
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63608&t=63461
--
FAQ, list archives, and subscription info: http://
happening.
Otherwise, you have nothing ...
(quite literally)
Thanks!
TJ
[EMAIL PROTECTED]
-Original Message-
From: Jim Brown [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 11:27 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
Come on now, t
ry 22, 2003 8:35 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]-Automated IDS
[7:63557]
I cut out some of the other messages to concentrate on one issue,
automated IDS responses. If your automated IDS responses result in a
"automated" packet filter of any
nd to an
> attack.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Albert Lu
> Sent: Friday, February 21, 2003 9:19 AM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
> Hi Troy,
>
&
19 matches
Mail list logo
