Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] IDS

To: [email protected]
Subject: Re: [FW-1] IDS
From: "Laverty, Jim" <[email protected]>
Date: Tue, 30 Oct 2001 11:45:43 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
Thread-index: AcFhYlDjiges3zpwQtGacj31HAqXLg==
Thread-topic: [FW-1] IDS

I think Snort (BSD) and Dragon are the two best out there right now.
Snort is free and well supported by the Open Source community, plus is
easy to modify for new attacks vs. canned solutions.  Cisco however is
licensing the Entercept IDS for their next round of IDS products, so it
should be interesting to see what the final product is.  Entercept
(IMHO) does a nice job of trapping buffer overflows.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Ramakrishnan
Sent: Tuesday, October 30, 2001 1:13 AM
To: [email protected]
Subject: [FW-1] IDS


Hi Kevin,

Thanks for the suggestion. I found it very useful. I
tested Snort and found it lacking in tracing
fragmentation and TCP reassembly attacks. Also the
webinterface is not very appealing.

I shall test the Dragon as well in our labs. I need to
know if any IDS is known to work exceptionally well
with CP 1

Regards
Rama


See the following article on comparisons of different
IDS systems.

http://www.nwc.com/shared/printArticle?article=nc/1217/1217f2full.html&p
ub=n
wc



Kevin Martin            [email protected]
Stafford Trading Inc.   Chief Security Officer
Chicago, IL  60604      TEL230 S. LaSalle, Ste. 688

 -----Original Message-----
From:   Ramakrishnan [mailto:[email protected]]
Sent:   Tuesday, October 23, 2001 11:45 PM
To:     [email protected]
Subject:        [FW-1] etrust IDS

Hi,

Has anybody tried etrust IDS ???

I would like to know the support for the product.

I am also exploring the option of Black Ice for my
organisation.

Any experience on these products are welcome. Our
organisation has a CP 4.1 as firewall. We are also
planning to introduce the Dynamic acl. Is thee any
possibility of configuring a time bound dynamic acl.

Regards
Rama

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: [FW-1] Nightmare logging problem, gateway only logs local
Next by Date: [FW-1] test - pls ignore
Previous by thread: [FW-1] IDS
Next by thread: [FW-1] GUI notification message
Index(es):
- Date
- Thread