For IDSs there are, what, 4 big players?
Cisco, ISS, Dragon, and Snort.
Personally, I like Snort. I always use it whenever I can on Red Hat 7.2.
Apparently, John Kaberna has installed Snort on a Y2K platform. John, if
you have the links please tell because I didn't know this was possible and
I would love to run this on Windows for Windows only companies.
Cisco IDS is good but not like groundbreaking. It really comes down to
pricing. For the price, $0, Snort can not be beat. CBAC IDS is cute, but
only cute.
Theo
"Roberts, Larry"
Sent by: nobody@xxxxxxxxxxxxxx
06/16/2002 01:02 AM
Please respond to "Roberts, Larry"
To: cisco@xxxxxxxxxxxxxx
cc:
Subject: RE: IDS Questions [7:46639]
That's why you always put your own IP as well as the CSPM server on the do
not shun list...
That's a good point, but that scenario is exactly why they added the do
not shun list.
Well that and the person who puts a custom signature denying telneting and
locks themselves out :)
Thanks
Larry
-----Original Message-----
From: Steven A. Ridder [mailto:saridder@xxxxxxxxxxx]
Sent: Saturday, June 15, 2002 10:07 AM
To: cisco@xxxxxxxxxxxxxx
Subject: Re: IDS Questions [7:46639]
I wouldn't use shunning only because a hacker can spoof an address, and
you shun it, such as a web server, or IDS console, etc.
""Hamid"" wrote in message news:200206150732.DAA27556@xxxxxxxxxxxxxxxxx
> Maybe a silly question, Can anyone tell me what shunning is?
>
>
> ""John Kaberna"" wrote in message
> news:200206150006.UAA24713@xxxxxxxxxxxxxxxxx
> > I don't see why you'd get flamed for that except maybe from a die-hard
> > Cisco employee and even then I doubt it. I prefer Snort a lot more than
> > Cisco's IDS because of price and I do prefer the fact that you have
> > nearly an entire industry of security people that work on Snort. There
> > are very few seasoned security people that don't have a fair amount of
> > experience with Snort. There are few shops out there that rely solely on
> > Cisco IDS. If I had the choice though, I would probably run them both.
> > It wouldn't hurt and it sure would make you feel good to catch an alarm
> > on one IDS that was missed by the other.
> >
> >
> > ""Peter Walker"" wrote in message
> > news:200206150001.UAA22893@xxxxxxxxxxxxxxxxx
> > > I hope I don't get flamed for this....
> > >
> > > ... but I would like to ask a similar but different question.
> > >
> > > What reason is there to choose Cisco IDS over Snort. I just don't see
> > > Cisco IDS as having much in the way of advantages over Snort other than
> > > a Cisco label and a high price tag (and yes both of those can be
> > > perceived as advantages)
> > >
> > > Of all of the Cisco kit I have worked with the IDS system is the only
> > > one I can't see myself recommending to someone.
> > >
> > > Peter Walker
> > >
> > > --On Friday, June 14, 2002 7:13 PM -0400 Ken Diliberto wrote:
> > >
> > > > Brian,
> > > >
> > > > We can both justify and afford a commercial IDS but choose Snort.
> > > > What do you see as drawbacks to Snort?
> > > >
> > >
> > > >>> "Brian Zeitz" 06/14/02 03:02PM >>>
> > >
> > >
> > > > So the most people who want IDS who cannot afford / justify (just
> > > > yet) an IDS box are using Snort? I have a pix 515UR, and if I read
> > > > correctly, it has the capabilities to interface to an IDS box, but it
> > > > is not an IDS box itself.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=46737&t=46639
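
The do-not-shun list discussed in this thread, sketched as an added Python example; it is not code from any poster, from Cisco IDS, or from Snort. The addresses (documentation ranges), the alert fields, and the rule that only sources seen in a completed TCP handshake are eligible for shunning are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
NEVER_SHUN = [
    ipaddress.ip_network("192.0.2.10/32"),    # hypothetical IDS management console
    ipaddress.ip_network("192.0.2.20/32"),    # hypothetical admin workstation
    ipaddress.ip_network("198.51.100.0/28"),  # hypothetical public web servers
]

def shun_decision(alert, never_shun=NEVER_SHUN):
    """Return (action, reason) for an alert dict with 'src', 'proto', 'handshake'."""
    src = ipaddress.ip_address(alert["src"])
    # Check the never-shun list first: a forged alert must not be able to
    # make the sensor block the console, the admin, or a production server.
    for net in never_shun:
        if src in net:
            return ("alert_only", f"{src} is on the never-shun list ({net})")
    # Assumed policy: UDP/ICMP and bare-SYN alerts carry an unverified source
    # address, so they are logged but never trigger a block.
    if alert["proto"] != "tcp" or not alert["handshake"]:
        return ("alert_only", f"{src} not verified by a TCP handshake")
    return ("shun", f"block {src}")

# Constructed alerts covering each branch.
SAMPLE_ALERTS = [
    {"src": "203.0.113.50", "proto": "tcp", "handshake": True},
    {"src": "192.0.2.10",   "proto": "tcp", "handshake": True},   # console
    {"src": "198.51.100.5", "proto": "udp", "handshake": False},  # web server
    {"src": "203.0.113.77", "proto": "udp", "handshake": False},  # unverified
]

def triage(alerts):
    """Apply shun_decision to each alert and return the list of actions."""
    return [shun_decision(a)[0] for a in alerts]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a["src"], *shun_decision(a))
```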