Re: Snort versus Cisco IDS [7:62939]

2003-02-12 Thread Anan Beshara
I work on most of Cisco IDS devices. At the beginning, when the IDS was just new, you could only operate it from the Director, which needs, as you know, HP OpenView and a Unix machine, which was not easy compared with other IDS. Then Cisco came out with the CSPM 2.3 which in my opinion was really a headach

RE: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Kim Graham
I have to concur with Anan with how nice the new interfaces are to maneuver. Last week I had the pleasure of taking the new IDS course version 3.0 and had a chance to work with the parts. They were fairly easy to learn and produce results. If you only have a few sensors the IEV (IDS Event Viewer

RE: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Vicky Mair
comments in-line: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 9:06 PM To: [EMAIL PROTECTED] Subject: Snort versus Cisco IDS [7:62939] Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They

Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Kent Hundley
On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote: > Someone told me in an authoritative voice today that Cisco doesn't recommend > their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a > big part of SAFE? > Whoever told you this: 1) Is extremely naive (one Cisco eng

RE: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Will Gragido
PTSS CCDA MCP 9450 W. Bryn Mawr Ave. Suite 325 Rosemont, Il 60018 www.ins.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kent Hundley Sent: Thursday, February 13, 2003 3:39 PM To: [EMAIL PROTECTED] Subject: Re: Snort versus Cisco IDS

RE: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Paul Borghese
] Subject: RE: Snort versus Cisco IDS [7:62939] comments in-line: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 9:06 PM To: [EMAIL PROTECTED] Subject: Snort versus Cisco IDS [7:62939] Someone told me in an authoritative voice today that

RE: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Paul Borghese
ACID (http://acidlab.sourceforge.net/) or SnortSnarf. Paul Borghese -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Will Gragido Sent: Friday, February 14, 2003 12:02 AM To: [EMAIL PROTECTED] Subject: RE: Snort versus Cisco IDS [7:62939] Not to mention the

RE: Snort versus Cisco IDS [7:62939]

2003-02-14 Thread DeVoe, Charles (PKI)
. Never forget Rules 1 & 2. -Original Message- From: Kent Hundley [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 13, 2003 4:39 PM To: [EMAIL PROTECTED] Subject: Re: Snort versus Cisco IDS [7:62939] On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote: > Someone told m

RE: Snort versus Cisco IDS [7:62939]

2003-02-14 Thread Kent Hundley
4:39 PM > To: [EMAIL PROTECTED] > Subject: Re: Snort versus Cisco IDS [7:62939] > > > On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote: > > Someone told me in an authoritative voice today that Cisco doesn't > recommend > > their IDS. They recommend Snort. Is

Re: Snort versus Cisco IDS [7:62939]

2003-02-14 Thread steve
hi, it's even worse than you thought... the unix director no longer exists ... the policy manager has now gone, and is now included as part of the new ciscoworks VPN/Security 2.1 SUITE of software...and you can't get it separately... the ids hook into OV simple report's message

RE: Snort versus Cisco IDS [7:62939]

2003-02-14 Thread Kent Hundley
lto:[EMAIL PROTECTED]] > > Sent: Thursday, February 13, 2003 4:39 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Snort versus Cisco IDS [7:62939] > > > > > > On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote: > > > Someone told m

RE: Snort versus Cisco IDS [7:62939]

2003-02-14 Thread Will Gragido
: Friday, February 14, 2003 12:56 AM To: [EMAIL PROTECTED] Subject: RE: Snort versus Cisco IDS [7:62939] The thing that makes SNORT so powerful is the attack rules which are updated almost daily. Also, you can not beat the price. Simply find an unused PC, install Linux and install Snort. The software

RE: Snort versus Cisco IDS [7:62939]

2003-02-14 Thread Will Gragido
.ins.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Borghese Sent: Friday, February 14, 2003 12:48 AM To: [EMAIL PROTECTED] Subject: RE: Snort versus Cisco IDS [7:62939] Do not forget about the open source scanner Nessus (www.

RE: Snort versus Cisco IDS [7:62939]

2003-02-19 Thread DeVoe, Charles (PKI)
I do believe it is in the best interest of the Cisco engineers to also push their products. -Original Message- From: Kent Hundley [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 10:35 AM To: [EMAIL PROTECTED] Subject: RE: Snort versus Cisco IDS [7:62939] The term "team

OT: Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Craig Columbus
Having installed and worked with both products, I think that Cisco's offering is more comprehensive, but Snort is highly reliable and much cheaper. It doesn't have some of the features of the Cisco product (dynamic shunning), but for most small to medium sized businesses (like the kind I work wi

OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Carroll Kong
Backing up what Craig said, Snort is probably better performing in terms of cost/performance than almost all the IDSes out there, including Cisco. It does not have an end-to-end solution to make one's life easier though, at least not out of the box. Of course, you will need some sort of a unix

Re: Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Charles Riley
There are also some very nice prebuilt Snort sensors with a GUI from the following vendors. www.sourcefire.com www.silicondefense.com www.packetalarm.com I have had the opportunity to evaluate and configure products from all three, and they have done an excellent job of bringing Snort to the mas

RE: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Priscilla Oppenheimer
Thanks for all the replies. It's very helpful to get a feel for the differences. To quickly synthesize what I've read, I would say that Cisco's IDS is an enterprise, end-to-end solution, with improving reliability and ease-of-use. Snort, on the other hand, is more appropriate for the midsize or sma

RE: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Craig Columbus
There is a windows port of Snort, but I've never used it, so I can't tell you much about it from personal experience. Those I know who've tried it usually recommend sticking with Unix. Your mileage may vary, but you might have an easier time getting snort running on FreeBSD since there's a very

RE: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Joseph Malin
ct: RE: OT Re: Snort versus Cisco IDS [7:62939] Thanks for all the replies. It's very helpful to get a feel for the differences. To quickly synthesize what I've read, I would say that Cisco's IDS is an enterprise, end-to-end solution, with improving reliability and ease-of-use

FW: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Vicky Mair
Cisco IDS [7:62939] Thanks for all the replies. It's very helpful to get a feel for the differences. To quickly synthesize what I've read, I would say that Cisco's IDS is an enterprise, end-to-end solution, with improving reliability and ease-of-use. Snort, on the other hand, is more

Re: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Johnny Routin
I've been having trouble with Snort on Red Hat and I've searched high and low and can't find a resolution. My alert file grows to 2GB very quickly and then crashes the process. I've seen one or two mentions of this same issue in NG searches but haven't found a resolution. So like someone already sa

RE: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Elijah Savage
IL PROTECTED]] Sent: Thursday, February 13, 2003 12:20 PM To: [EMAIL PROTECTED] Subject: RE: OT Re: Snort versus Cisco IDS [7:62939] Thanks for all the replies. It's very helpful to get a feel for the differences. To quickly synthesize what I've read, I would say that Cisco's IDS is

Re: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Craig Columbus
I've also had trouble with RedHat...with Snort as well as other apps. I switched to FreeBSD and have been very pleased so far. At 06:32 PM 2/13/2003 +, you wrote: >I've been having trouble with Snort on Red Hat and I've searched high and >low and can't find a resolution. My alert file grows

Re: OT Re: Snort versus Cisco IDS [7:62939]

2003-02-15 Thread Johnny Routin
> I've also had trouble with RedHat...with Snort as well as other apps. I > switched to FreeBSD and have been very pleased so far. Interesting... I'll give that a try... thanks mate! JR -- Johnny Routin - "Craig Columbus" wrote in message news:[EMAIL PRO