Thanks nebulus. I'll give the folks at ISS a call on Monday to find out what's up.
Printable View
Thanks nebulus. I'll give the folks at ISS a call on Monday to find out what's up.
Yeah, we were extremely displeased with ISS and their sudden announcement. It is very poor to out of the blue drop support for something that is being released even to this moment. I suspect they are trying to force everyone to go to their Proventia servers.
I also suspect we are going to tell them to take their 500 sensor license and the two scanner licenses and shove it where the sun don't shine...
Hmm...that pun wasn't intentional but it works for me :)
/nebulus
My vote would have to go with Snort :D
Pros:
-Supports both Windows and *NIX systems
-Free!
-Easily deployed on a small network
Cons:
-Tough to deploy on a large network
-Writing rules may seem daunting at first for n00bs
As you can see, the pros in my mind seem to outweigh the cons. My vote goes with Snort
:D
Might have been good to have an "Others" option. I've been recently doing some work/testing on Prelude, new "hybrid" IDS.
Snort!!! with PureSecure
This can be true but I use it with Demarc's Puresecure as a front end (and HID). A central managment console with control over all the sensors and displayed in a nice gui makes snort better than anything out there. And the fact that it is all free makes it even better.Quote:
Originally posted here by nebulus200
Snort -- Good all around IDS with the price being right. If I was running a small network, this is what I would use, in one form or another. It, at the moment, does not scale well though and if you are in an environment where you would deploy say a few hundred sensors, you can pretty much forget about snort, unless you have megaworkers to keep it running.
s
Dragon for host. not too impressed with ISS for net since so many false positives.
i'm still testing Prelude IDS ...huh ..tough man !!
Please do not bump a one-year six month old thread. :)
- X
My vote would go to the Netscreen/Juniper IDP - very easy to set up out of the box, not too expensive, very good support from Juniper providing you purchase the support contract. It can be easily set up to send log files to a management server running either Solaris or Redhat. I have previously used the Cisco IDS and compared to the Juniper IDP it was a real pain to manage and track the logs.
Like other great minds have stated snort all the way. www.snort.org