Try the open source security testing methodology manual (http://www.osstmm.org) -- there is a module on testing IDS.
Z. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: jueves, 15 de noviembre de 2001 4:56 To: [EMAIL PROTECTED] Subject: RE: IDS Question I'm working on review of IDS and started preparing a checklist for Real Secure IDS. Does anyone have a generic checklist or checklist for Realsecure IDS in specific from which I can take input and benchmark my chekclist. I have used the following procedure to prepare a checklist. It could be of use to others also. An independent person (preferable) or the same person has to obtain all the detail product and technical literature for Dragon. Review the implementation against the product and technical literature and also against the business objectives and specific objectives for which the IDS was procured to measure the performance. Regards Prem Sagar "Millan, Raul" <Raul.Millan@cwp To: anama.com> [EMAIL PROTECTED] cc: 11/13/01 01:06 Subject: RE: IDS Question AM We just implemented Dragon, now I'm looking for a checklist of tests for verifying that everything is working as it should. Does anyone have such a checklist for testing the IDS? Regards, Raúl Millán -----Mensaje original----- De: Paul Innella [mailto:[EMAIL PROTECTED]] Enviado el: Viernes 9 de Noviembre de 2001 03:30 PM Para: 'Dennis Oliver'; [EMAIL PROTECTED] Asunto: RE: IDS Question Virtually all IDS products will allow for alerts that generate emails and pages as their means of notification. Our experience is that ISS' solution is in fact one of the easier to manage while Symantec's is more difficult. The best solution that we have seen, however, is Enterasys' Dragon product for manageability, cost, and effectiveness. Paul Innella, CISSP www.TDISecurity.com -----Original Message----- From: Dennis Oliver [mailto:[EMAIL PROTECTED]] Sent: Monday, November 05, 2001 1:54 PM To: [EMAIL PROTECTED] Subject: IDS Question Hello All, Sorry if this is not the right place to post. I am trying to implement an IDS and not sure on which brand to implement, currently we use Checkpoint Firewall-1 for our firewall. I have heard that real secure IDS is good for integrating with Checkpoint. My question is does anyone have any recommendations on an IDS that is easy to manage and not to pricey. What I am looking for in the IDS features is to have it e-mail or if possible send a Text Page to a cell phone or pager to alert of attacks, easy to manage, and integrate with Checkpoint if possible. Any help would be greatly appreciated. Thanks, Dennis
