[Dshield] IPS/IDS solutions--your opinions?
Nicolas Villatte
nicolas.villatte at gmail.com
Wed Jan 23 18:27:38 GMT 2008
I had the same issue here. I finally used Juniper IDP which is still a
commercial product but with more open signatures.
Snort is a good alternative too but lacks the same level of support, plus
it is just the software (IDP is an appliance).
Side note: I personally prefer a more generic training like SANS
Sec503 which detaches you from a specific product.
On 23 Jan 2008, at 15:01, "Albert R. Campa" <abcampa at gmail.com> wrote:
> I have used ISS Proventia, but I am battling with some issues.
>
> ISS doesn't have open signatures, so I can't see why an event is
> triggered and how it is set to trigger.
>
> Do most of you recommend an IDS/IPS that you can see the code behind
> the alert?
>
> I have had false positives where I can't tell why it's a false positive
> because I can't see inside the signature.
>
> Saludos
>
> Albert
>
> On Jan 23, 2008 7:37 AM, Pete Cap <peteoutside at yahoo.com> wrote:
>> List,
>>
>> Would anyone mind discussing the pros and cons of IDS/IPS solutions
>> you've used?
>>
>> I've been trained on several systems, the only one of which is
>> current is McAfee's. They all had pros and cons but I liked
>> IntruShield a lot, but for a few things--for instance, Cisco's
>> product never impressed me, but you could always just run snoop
>> when you saw something weird. I'm also not a huge fan of their all-
>> in-wonder router/IDS gear but I haven't used it very much. I want
>> to look into Sourcefire at some point this year as well.
>>
>> Any other thoughts?
>>
>> Best regards,
>> Pete
>>
>> _________________________________________
>> SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze
>> up north if you can be in New Orleans. http://www.sans.org/info/15826
>>