Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Valdis . Kletnieks
On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said: > Our company plans to install IDS to protect our resources, I've already read > about snort as NIDS, but, that's software based. I'm interested in > hardware based that will work transparently with our Cisco PIX, no need to > make cha

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Peer Janssen
[EMAIL PROTECTED] wrote: On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said: plan to install IDS to protect our resources An IDS doesn't *protect* your resources, any more than a concealed video surveillance camera protects anything. It may tell you who did it, and what they d

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Valdis . Kletnieks
On Wed, 28 Sep 2005 11:48:06 +0200, Peer Janssen said: > Really? Is there no software package capable of withholding inspected > packages until cleared by said IDS? All depends on the inbound packet rate, how fast the IDS is, and how much RAM you're willing to buy. Just remember that a sufficie

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread J. Oquendo
On Wed, 28 Sep 2005 [EMAIL PROTECTED] wrote: In a nutshell I would go with Sentivist. http://www.nfr.com/solutions/download/HotPick-IPS-Review.pdf For brief summaries of some other products: http://www.networkintrusion.co.uk/inline.htm > All depends on the inbound packet rate, how fast the IDS

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Michael Holstein
Really? Is there no software package capable of withholding inspected packages until cleared by said IDS? Um .. snort-inline anyone? Michael Holstein CISSP GCIA Cleveland State University

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Michael Holstein
Our company plans to install IDS to protect our resources, I've already read about snort as NIDS, but, that's software based. I'm interested in hardware based that will work transparently with our Cisco PIX, no need to make changes in our firewall. What's your suggestion? My first piece of ad

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Joel Esler
Take a look at Sourcefire's (The company who makes Snort) IPS products. Joel Esler (pS. Disclaimer, I work for Sourcefire, and am biased to Sourcefire/Snort's products) On 9/28/05, Michael Holstein <[EMAIL PROTECTED]> wrote: > > Really? Is there no software package capable of withholding inspect

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Valdis . Kletnieks
On Wed, 28 Sep 2005 07:01:34 EDT, "J. Oquendo" said: > While I do agree with the statement made "Quite frankly, anybody who > already has a PIX installed and wants to install an IPS needs to quantify > *exactly* what protection the PIX is failing to provide before they go > shopping for anything"

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Paul Schmehl
--On Wednesday, September 28, 2005 15:54:41 +0700 Fajar Edisya Putera <[EMAIL PROTECTED]> wrote: Dear Experts, Our company plans to install IDS to protect our resources, I've already read about snort as NIDS, but, that's software based. I'm interested in hardware based that will work transpar

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Paul Schmehl
--On Wednesday, September 28, 2005 11:37:38 -0400 [EMAIL PROTECTED] wrote: On Wed, 28 Sep 2005 07:01:34 EDT, "J. Oquendo" said: While I do agree with the statement made "Quite frankly, anybody who already has a PIX installed and wants to install an IPS needs to quantify *exactly* what protect

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Michael Holstein
If you NAT a lot, PIX can't handle the load. It also isn't flexible enough. Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis) can handle 100 interfaces, 5gbps, 100k CPS, and 1M concurrent per blade. http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/ Show me

RE: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Jan Nielsen
AIL PROTECTED] Sent: 28. september 2005 17:49 To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Suggestion for IDS --On Wednesday, September 28, 2005 11:37:38 -0400 [EMAIL PROTECTED] wrote: > On Wed, 28 Sep 2005 07:01:34 EDT, "J. Oquendo" said: > >> While

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Paul S. Brown
On Wednesday 28 September 2005 16:56, Michael Holstein wrote: > > If you NAT a lot, PIX can't handle the load. It also isn't flexible > > enough. > > Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis) > can handle 100 interfaces, 5gbps, 100k CPS, and 1M concurrent per blade. >

RE: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Vitor Ventura
rg.uk Cc: Subject: Re: [Full-disclosure] Suggestion for IDS > If you NAT a lot, PIX can't handle the load. It also isn't flexible > enough. Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis)

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Kevin Pawloski
Does the Tipping Point appliance allow you to create custom rules now? The last time I tried the appliance (which was over a year ago) that 'feature' was not yet available. Kevin On 9/28/05, Paul Schmehl <[EMAIL PROTECTED]> wrote: --On Wednesday, September 28, 2005 15:54:41 +0700 Fajar Edisya Puter

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Paul S. Brown
On Wednesday 28 September 2005 16:56, Michael Holstein wrote: > > If you NAT a lot, PIX can't handle the load. It also isn't flexible > > enough. > > Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis) > can handle 100 interfaces, 5gbps, 100k CPS, and 1M concurrent per blade. >

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Michael Holstein
I suspect the argument here has to be cost-for-cost - in the price range for a decent beefy OpenBSD box you aren't going to be using FWSMs, and I can quite believe that the PIXen in that price range don't perform - the PIX 501 is specced at 60MB/s throughput and the cheapest retail price I can f

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Lew Wolfgang
Hi Kevin, Yes, they will give you a no-extra-cost Windows-based program to create custom rules. We've got one, but I haven't used it yet. I'm still brushing up on my Regex... Regards, Lew Kevin Pawloski wrote: Does the Tipping Point appliance allow you to create custom rules now? The last ti

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Valdis . Kletnieks
On Wed, 28 Sep 2005 17:48:59 BST, "Paul S. Brown" said: > I suspect the argument here has to be cost-for-cost - in the price range for > a > decent beefy OpenBSD box you aren't going to be using FWSMs, and I can quite > believe that the PIXen in that price range don't perform - the PIX 501 is

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Michael Holstein
be lucky to have a budget for a McSE (you want fries with that?) "Fries with that" ... LMAO .. good one ;) (In the interests of fairness, you don't need much beefy if you're Cisco - the listed technical specs on the innards of the PIX-501: Processor: 133-MHz AMD SC520 Processor Random access

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Valdis . Kletnieks
On Wed, 28 Sep 2005 14:07:08 EDT, Michael Holstein said: > PCI bandwidth at that rate is 127.2MB/sec (big B). Cisco's figure is > 60mb/sec (little b). Crap. Sometime after I hit send, that 'b' magically turned lower-case. You're right, it's only eating 1/8th the PCI bandwidth, not almost all of

RE: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Brown, James
Show me an OpenBSD system that can handle 400 interfaces, 20gbps, and 4Mconnections (and can do HSRP, etc). Regarding HSRP, OpenBSD now has failover with their CARP implementation. And IPSec SA synchronization as well. You may be

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Reto Inversini
Hi, Michael Holstein wrote: >> Our company plans to install IDS to protect our resources, I've already >> read about snort as NIDS, but, that's software based. I'm interested >> in hardware based that will work transparently with our Cisco PIX, >> no need to make changes in our firewall. What's y

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Paul Schmehl
--On Wednesday, September 28, 2005 17:48:59 +0100 "Paul S. Brown" <[EMAIL PROTECTED]> wrote: On Wednesday 28 September 2005 16:56, Michael Holstein wrote: > If you NAT a lot, PIX can't handle the load. It also isn't flexible > enough. Huh? .. the FWSM (which is PIX and you can have 4 of them

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Paul Schmehl
--On Wednesday, September 28, 2005 09:48:36 -0700 Kevin Pawloski <[EMAIL PROTECTED]> wrote: Does the Tipping Point appliance allow you to create custom rules now? Yes, for some definition of "rules". For example, you can block individual host/port combos or ports or hosts, that sort of thin

RE: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread Paul Schmehl
--On Wednesday, September 28, 2005 18:49:32 +0200 Jan Nielsen <[EMAIL PROTECTED]> wrote: Hi Paul, Can I ask what you were doing that a pix could not handle nat wise? Just wondering since I have done very extensive and complex nat'ing in pix'es from 506's up to 535's without any performance pro

Re: [Full-disclosure] Suggestion for IDS

2005-09-28 Thread arif . jatmoko
Hi, Try to look at www.nss.co.uk for IDS products comparison. They did a lot of R&D. Obviously, Cisco is not a good one. Why are you asking about IDS while we could use IPS? Cheers, |+-+--| || Fajar Edisya Putera |

RE: [Full-disclosure] Suggestion for IDS

2005-09-29 Thread Randall M
disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Suggestion for IDS > Our company plans to install IDS to protect our resources, I've already > read about snort as NIDS, but, that's software based. I'm interested > in hardware based tha

Re: [Full-disclosure] Suggestion for IDS

2005-09-29 Thread Michael Holstein
$678? Ours were in the mid five figure range. You must be talking about SOHO units. That's exactly what the 501 is .. a dinky little thing that has a built-in 4 port switch (sort of like the linksys ones you see at BestBuy, etc). But it does run the full IOS feature set that's found on th

Re: [Full-disclosure] Suggestion for IDS

2005-09-29 Thread Michael Holstein
Try to look at www.nss.co.uk for IDS products comparison. They did a lot of R&D. Obviously, Cisco is not a good one. Why are you asking about IDS while we could use IPS? I second that on Cisco's IDS .. our two have been gathering dust ever since we installed them .. they'll only be useful if I fi

Re: [Full-disclosure] Suggestion for IDS

2005-09-29 Thread Michael Holstein
I value your opinion on this subject as my knowledge about IDS is slim. Your suggestion below as I understand you basically says, from a company stand point, IDS is not a solution? We were thinking in this line of using IDS along with IPS system too. We basically have nothing to inspect the high b

RE: [Full-disclosure] Suggestion for IDS

2005-09-29 Thread Mark Senior
> -Original Message- > From: Michael Holstein > > Try to look at www.nss.co.uk for IDS products comparison. They did a lot > > of R&D. Obviously, Cisco is not a good one. > > Why are you asking about IDS while we could use IPS? > > I second that on Cisco's IDS .. our two have been gather