'Re: IDS: Cisco IDS v the rest of the world'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ids
Subject:    Re: IDS: Cisco IDS v the rest of the world
From:       "drm linux" <linuxexpert () linuxmail ! org>
Date:       2001-11-08 3:48:55
[Download RAW message or body]

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------

-----Original Message-----
From: william.c.gercken@census.gov
Date: Wed, 7 Nov 2001 09:59:37 -0500
To: "Crazy Horse" <thecrazyhorse85@hotmail.com>
Subject: Re: IDS: Cisco IDS v the rest of the world


> Archive: http://msgs.securepoint.com/ids
> FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
> FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
> IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner@uow.edu.au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
> -----------------------------------------------------------------------------
> 
> TCH,
> 
> We use CISCO IDS in house running in parallel with several other systems.
> CISCO has been steadly improving there IDS support with more frequent
> updates and patches. We had no problem developing an analysis system by
> decoupling the dependancy on Openview and using the database scripts
> provided. As far as keeping up with the Jone's, the alerts have been
> comparable to all the systems we have tested in house.
> 
> -bill
> 
> 
> 
> 
> "Crazy Horse"                                                                       \
>  <thecrazyhorse85@ho        To:     ids@uow.edu.au                                  \
>  tmail.com>                 cc:                                                     \
>  Sent by:                   Subject:     IDS: Cisco IDS v the rest of the world     \
>  owner-ids@uow.edu.a                                                                \
>  u                                                                                  \
>  
> 
> 11/06/2001 10:18 AM                                                                 \
>  
> 
> 
> 
> 
> 
> Archive: http://msgs.securepoint.com/ids
> FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
> FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
> IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner@uow.edu.au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
> -----------------------------------------------------------------------------
> 
> Anyone familar with Cisco's IDS offering? I have Cisco running a hard sell
> later this week and pressure is there to get them on board.
> 
> Cisco were always dismissed in the past notably due to it's poor reporting
> based on HP Openview and lack of knowledge of signatures. I have been
> always
> sceptical of Cisco offerings - great switches and routers are their focus,
> but not Security. Perhaps I'm been short sighted.
> 
> However, they've re-badged from sensors to evolve to an IDS "blade" that
> fits inside their Catalyst 6000 switches. The blade is a card that simply
> monitors packets across the Cat's backplane and signatures are compared
> against a known and growing database. Cisco have doen some work at a
> management Level for log analysis and so on. All in all it's getting
> better,
> but is it there yet?
> 
> I'm reluctant to go down the path of purchasing dedicated kit that is Cisco
> dependent rather than O/S
> 
> Has anyone gotten any pratical experience of this one? Does it shape
> against
> the likes of Dragon, ISS, NFR or Snort?
> 
> Laters, TCH.
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
> 
> 
> 
> 
> 

-- 

Get your free email from www.linuxmail.org 


Powered by Outblaze


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic