[prev in list] [next in list] [prev in thread] [next in thread]
List: ids
Subject: Re: IDS: Cisco IDS v the rest of the world
From: "drm linux" <linuxexpert () linuxmail ! org>
Date: 2001-11-08 3:48:55
[Download RAW message or body]
Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
-----Original Message-----
From: william.c.gercken@census.gov
Date: Wed, 7 Nov 2001 09:59:37 -0500
To: "Crazy Horse" <thecrazyhorse85@hotmail.com>
Subject: Re: IDS: Cisco IDS v the rest of the world
> Archive: http://msgs.securepoint.com/ids
> FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
> FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
> IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner@uow.edu.au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
> -----------------------------------------------------------------------------
>
> TCH,
>
> We use CISCO IDS in house running in parallel with several other systems.
> CISCO has been steadly improving there IDS support with more frequent
> updates and patches. We had no problem developing an analysis system by
> decoupling the dependancy on Openview and using the database scripts
> provided. As far as keeping up with the Jone's, the alerts have been
> comparable to all the systems we have tested in house.
>
> -bill
>
>
>
>
> "Crazy Horse" \
> <thecrazyhorse85@ho To: ids@uow.edu.au \
> tmail.com> cc: \
> Sent by: Subject: IDS: Cisco IDS v the rest of the world \
> owner-ids@uow.edu.a \
> u \
>
>
> 11/06/2001 10:18 AM \
>
>
>
>
>
>
> Archive: http://msgs.securepoint.com/ids
> FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
> FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
> IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner@uow.edu.au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
> -----------------------------------------------------------------------------
>
> Anyone familar with Cisco's IDS offering? I have Cisco running a hard sell
> later this week and pressure is there to get them on board.
>
> Cisco were always dismissed in the past notably due to it's poor reporting
> based on HP Openview and lack of knowledge of signatures. I have been
> always
> sceptical of Cisco offerings - great switches and routers are their focus,
> but not Security. Perhaps I'm been short sighted.
>
> However, they've re-badged from sensors to evolve to an IDS "blade" that
> fits inside their Catalyst 6000 switches. The blade is a card that simply
> monitors packets across the Cat's backplane and signatures are compared
> against a known and growing database. Cisco have doen some work at a
> management Level for log analysis and so on. All in all it's getting
> better,
> but is it there yet?
>
> I'm reluctant to go down the path of purchasing dedicated kit that is Cisco
> dependent rather than O/S
>
> Has anyone gotten any pratical experience of this one? Does it shape
> against
> the likes of Dragon, ISS, NFR or Snort?
>
> Laters, TCH.
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
>
>
>
--
Get your free email from www.linuxmail.org
Powered by Outblaze
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic