Re: OFFline IDS

From: Todd Veillette (tveillette@myeastern.com)
Date: Wed Jun 04 2003 - 19:57:28 GMT-3


The perfect IDS is a system with no inside or outside connectivity,
as in none needed, not hackable. But not likely, so...

If you happen to have a branch size need, with a 26xx series
with an unused network module, the IDS module is attractive.
Add IPSec and it becomes a really attractive solution, as the
tunnel encap will be stripped before the IDS looks at it.

It depends a lot on the need, and of course budget.

-TV

----- Original Message -----
From: "Charles Church" <cchurch@wamnet.com>
To: <aansar@sscomp.com.sg>; <ccielab@groupstudy.com>
Sent: Wednesday, June 04, 2003 5:32 PM
Subject: RE: OFFline IDS

> /Cisco stock holder hat on
> http://www.cisco.com/go/ids
> /Cisco stock holder hat off
>
> Honestly, there are many good ones out there. Snort for Linux is supposedly
> real good, but I don't think any of them are as well-rounded as Cisco's
> offerings. It's integrated into IOS and PIX, so a detected intrusion can be
> shunned immediately without human intervention. Others may be able to do
> that, but Cisco's is pretty well integrated. I know that the most secure
> way of doing things is to run multiple IDS's of different vendors.
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
> Wam!Net Government Services
> 13665 Dulles Technology Dr. Ste 250
> Herndon, VA 20171
> Office: 703-480-2569
> Cell: 585-233-2706
> cchurch@wamnet.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?search=chuck+church&op=index
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> aansar@sscomp.com.sg
> Sent: Wednesday, June 04, 2003 11:42 AM
> To: ccielab@groupstudy.com
> Subject: OFFline IDS
>
>
> Dear all, sorry for asking offline info..
> what is the perfect IDS system available in the market.. what will be the
> selection criteria for IDS..



This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:52 GMT-3