@lists.grok.org.uk
Subject: Re: [Full-disclosure] Suggestion for IDS
Our company plan to install IDS to protect our resources,
I'm already
read about snort as NIDS, but, that's software based. I'm
interesting
with hardware based that will work transparently with our
$678? Ours were in the mid five figure range. You must be talking
about SOHO units.
That's exactly that the 501 is .. a dinky little thing that has a
built-in 4 port switch (sort of like the linksys ones you see at
BestBuy, etc). But it does run the full IOS feature set that's found on
Try to look at www.nss.co.uk for IDS products comparison. They did lot of
RD. Obviously, Cisco is not a good one.
Why you're asking about IDS while we could use IPS ?
I second that on Cisco's IDS .. our two have been gathering dust ever
since we installed them .. they'll only be useful if I
I value your opinion on this subject as my knowledge about IDS is slim. Your
suggestion below as I understand you basically says, from a company stand
point, IDS is not a solution? We were thinking in this line of using IDS
along with IPS system too. We basically have nothing to inspect the high
-Original Message-
From: Michael Holstein
Try to look at www.nss.co.uk for IDS products comparison. They did
lot
of RD. Obviously, Cisco is not a good one.
Why you're asking about IDS while we could use IPS ?
I second that on Cisco's IDS .. our two have been gathering
dust
On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:
Our company plan to install IDS to protect our resources, I'm already read
about snort as NIDS, but, that's software based. I'm interesting with
hardware based that will work transparently with our Cisco PIX, no need to
make
[EMAIL PROTECTED] wrote:
On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:
plan to install IDS to protect our resources
An IDS doesn't *protect* your resources, any more than a concealed
video surveillance camera protects anything. It may tell you who did it, and
what they
On Wed, 28 Sep 2005 11:48:06 +0200, Peer Janssen said:
Really? Is there no software package capable of withholding inspected
packages until cleared by said IDS?
All depends on the inbound packet rate, how fast the IDS is, and how much RAM
you're willing to buy. Just remember that a
On Wed, 28 Sep 2005 [EMAIL PROTECTED] wrote:
In a nutshell I would go with Sentivist.
http://www.nfr.com/solutions/download/HotPick-IPS-Review.pdf
For brief summaries of some other products:
http://www.networkintrusion.co.uk/inline.htm
All depends on the inbound packet rate, how fast the IDS
Really? Is there no software package capable of withholding inspected
packages until cleared by said IDS?
Um .. snort-inline anyone?
Michael Holstein CISSP GCIA
Cleveland State University
___
Full-Disclosure - We believe in it.
Charter:
Our company plan to install IDS to protect our resources, I'm already
read about snort as NIDS, but, that's software based. I'm interesting
with hardware based that will work transparently with our Cisco PIX, no
need to make changes in our firewall. What's your suggestion.
My first piece of
Take a look at Sourcefire's (The company who makes Snort) IPS products.
Joel Esler
(pS. Disclaimer, I work for Sourcefire, and am biased to
Sourcefire/Snort's products)
On 9/28/05, Michael Holstein [EMAIL PROTECTED] wrote:
Really? Is there no software package capable of withholding inspected
On Wed, 28 Sep 2005 07:01:34 EDT, J. Oquendo said:
While I do agree with the statement made Quite frankly, anybody who
already has a PIX installed and wants to install an IPS needs to quantify
*exactly* what protection the PIX is failing to provide before they go
shopping for anything to a
--On Wednesday, September 28, 2005 15:54:41 +0700 Fajar Edisya Putera
[EMAIL PROTECTED] wrote:
Dear Experts,
Our company plan to install IDS to protect our resources, I'm already
read about snort as NIDS, but, that's software based. I'm interesting
with hardware based that will work
--On Wednesday, September 28, 2005 11:37:38 -0400 [EMAIL PROTECTED]
wrote:
On Wed, 28 Sep 2005 07:01:34 EDT, J. Oquendo said:
While I do agree with the statement made Quite frankly, anybody who
already has a PIX installed and wants to install an IPS needs to quantify
*exactly* what
If you NAT a lot, PIX can't handle the load. It also isn't flexible
enough.
Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis)
can handle 100 intefaces, 5gpbs, 100k CPS, and 1M concurrent per blade.
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/
Show
: 28. september 2005 17:49
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Suggestion for IDS
--On Wednesday, September 28, 2005 11:37:38 -0400
[EMAIL PROTECTED]
wrote:
On Wed, 28 Sep 2005 07:01:34 EDT, J. Oquendo said:
While I do agree with the statement made Quite frankly
Cc:
Assunto: Re: [Full-disclosure] Suggestion for IDS
If you NAT a lot, PIX can't handle the load. It also isn't flexible
enough.
Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis)
can handle 100
Hi Kevin,
Yes, they will give you a no-extra-cost Windows-based program
to create custom rules. We've got one, but I haven't
used it yet. I'm still brushing up on my Regex...
Regards,
Lew
Kevin Pawloski wrote:
Does the Tipping Point appliance allow you to create custom rules now?
The last
On Wed, 28 Sep 2005 17:48:59 BST, Paul S. Brown said:
I suspect the argument here has to be cost-for-cost - in the price range for
a
decent beefy OpenBSD box you aren't going to be using FWSMs, and I can quite
believe that the PIXen in that price range don't perform - the PIX 501 is
On Wed, 28 Sep 2005 14:07:08 EDT, Michael Holstein said:
PCI bandwidth at that rate is 127.2MB/sec (big B). Cisco's figure is
60mb/sec (litte b).
checks the same data sheets he checked before
Crap. Sometime after I hit send, that 'b' magically turned lower-case. You're
right, it's only
Title: Re: [Full-disclosure] Suggestion for IDS
Show me an OpenBSD system that can handle 400 interfaces,
20gbps, and 4Mconnections (and can do HSRP, etc).
Regarding HSRP, OpenBSDnow has failover with their CARP
implementation.
And IPSec SA synchronization as well.
You may be interested
Hi,
Michael Holstein wrote:
Our company plan to install IDS to protect our resources, I'm already
read about snort as NIDS, but, that's software based. I'm interesting
with hardware based that will work transparently with our Cisco PIX,
no need to make changes in our firewall. What's your
--On Wednesday, September 28, 2005 17:48:59 +0100 Paul S. Brown
[EMAIL PROTECTED] wrote:
On Wednesday 28 September 2005 16:56, Michael Holstein wrote:
If you NAT a lot, PIX can't handle the load. It also isn't flexible
enough.
Huh? .. the FWSM (which is PIX and you can have 4 of them in a
--On Wednesday, September 28, 2005 09:48:36 -0700 Kevin Pawloski
[EMAIL PROTECTED] wrote:
Does the Tipping Point appliance allow you to create custom rules now?
Yes, for some definition of rules. For example, you can block individual
host/port combos or ports or hosts, that sort of thing.
--On Wednesday, September 28, 2005 18:49:32 +0200 Jan Nielsen
[EMAIL PROTECTED] wrote:
Hi Pauk
Can i ask what you were doing that a pix could not handle nat wise ?
just wondering since I have done very extensive and complex nat'ing in
pix'es from 506's up to 535's without any performance
/IDN/SEA/CCA) |
|| | Subject: |
|| 09/28/2005 03:54 PM | [Full-disclosure] Suggestion for IDS |
|| Please respond to Fajar | |
|| Edisya Putera
27 matches
Mail list logo