[Dshield] IPS/IDS solutions--your opinions?
Hammond, Stanley
shammond at capecod.edu
Wed Jan 23 17:47:10 GMT 2008
I have worked with Snort, Sourcefire, ISS Proventia and Cisco. I agree
with you that the Cisco product never really lived up to a level that I
would recommend it. Out of all four, I still find myself building Snort
boxes. As Matt mentioned it is very customizable for whatever you need
it to detect. Sourcefire (commercial Snort) is good as well, but the
cost didn't make it a viable option for our organization. We could not
justify the cost for a Snort box with a fancy GUI.
Stan
-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Pete Cap
Sent: Wednesday, January 23, 2008 8:38 AM
To: list at lists.dshield.org
Subject: [Dshield] IPS/IDS solutions--your opinions?
List,
Would anyone mind discussing the pros and cons of IDS/IPS solutions
you've used?
I've been trained on several systems, the only one of which is current
is Mcafee's. They all had pros and cons but I liked Intrushield a lot,
but for a few things--for instance, Cisco's product never impressed me,
but you could always just run snoop when you saw something weird. I'm
also not a huge fan of their all-in-wonder router/IDS gear but I haven't
used it very much. I want to look into Sourcefire at some point this
year as well.
Any other thoughts?
Best regards,
Pete
________________________________________________________________________
____________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
_________________________________________
SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze up
north if you can be in New Orleans. http://www.sans.org/info/15826
More information about the list
mailing list