[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Best IDS??
Hi, don't take RealSecure. They (still) have bandwidth issues, you can't write your own signatures [which is rather critical for an IDS] and you can't do any forensics [there's no recording of the raw packets for retrospective investigation], which may be even more critical for an IDS. But I'm sure your sales guy will tell you 'the next version will definitely include all this'... this is what they do since many versions... Take snort or Dragon. just my 0.02 Enno Rey [email protected] --- www.security-academy.de PGP 585F B0B9 F429 35EF 73A4 BC33 8F4B A629 C181 2EF1 -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Tim Anderson Sent: Donnerstag, 29. November 2001 18:16 To: [email protected] Subject: [FW-1] Best IDS?? We have budget to purchase an IDS and would like to get suggestions from you fine folks. We are looking at SNORT since it is free (except for the equipment costs) and ISS Real Secure. We are open to other suggestions as well. Also where do you guys have your sensors? We were thinking that having one on the DMZ is probably enough but we want some input from others before we decide. Thanks! Tim Anderson =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|