What is the best IDS you have ever used? - Page 2

View Poll Results: is it bad if someone gets your dns

Voters
20. You may not vote on this poll
  • very bad

    2 10.00%
  • bad

    7 35.00%
  • not a security threat

    11 55.00%
Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: What is the best IDS you have ever used?

  1. #11
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Thanks nebulus. I'll give the folks at ISS a call on Monday to find out what's up.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  2. #12
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Yeah, we were extremely displeased with ISS and their sudden announcement. It is very poor to out of the blue drop support for something that is being released even to this moment. I suspect they are trying to force everyone to go to their Proventia servers.

    I also suspect we are going to tell them to take their 500 sensor license and the two scanner licenses and shove it where the sun don't shine...

    Hmm...that pun wasn't intentional but it works for me

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #13
    Junior Member
    Join Date
    Jan 2004
    Posts
    14
    My vote would have to go with Snort

    Pros:

    -Supports both Windows and *NIX systems
    -Free!
    -Easily deployed on a small network

    Cons:
    -Tough to deploy on a large network
    -Writing rules may seem daunting at first for n00bs

    As you can see, the pros in my mind seem to outweigh the cons. My vote goes with Snort

    Happy BHH (Black Hat Hunting) and Happy WHH (White Hat Hacking)

  4. #14
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Might have been good to have an "Others" option. I've been recently doing some work/testing on Prelude, new "hybrid" IDS.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #15
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Snort!!! with PureSecure

    Originally posted here by nebulus200

    Snort -- Good all around IDS with the price being right. If I was running a small network, this is what I would use, in one form or another. It, at the moment, does not scale well though and if you are in an environment where you would deploy say a few hundred sensors, you can pretty much forget about snort, unless you have megaworkers to keep it running.
    s
    This can be true but I use it with Demarc's Puresecure as a front end (and HID). A central managment console with control over all the sensors and displayed in a nice gui makes snort better than anything out there. And the fact that it is all free makes it even better.
    That which does not kill me makes me stronger -- Friedrich Nietzche

  6. #16
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    Dragon for host. not too impressed with ISS for net since so many false positives.
    Trappedagainbyperfectlogic.

  7. #17
    Junior Member kevler's Avatar
    Join Date
    Sep 2001
    Posts
    6
    i'm still testing Prelude IDS ...huh ..tough man !!

  8. #18
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Please do not bump a one-year six month old thread.

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  9. #19
    Junior Member
    Join Date
    Jun 2005
    Posts
    1

    Thumbs up Best IDP

    My vote would go to the Netscreen/Juniper IDP - very easy to set up out of the box, not too expensive, very good support from Juniper providing you purchase the support contract. It can be easily set up to send log files to a management server running either Solaris or Redhat. I have previously used the Cisco IDS and compared to the Juniper IDP it was a real pain to manage and track the logs.

  10. #20
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    769
    Like other great minds have stated snort all the way. www.snort.org

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides