Open Source and information security mailing list archives
 
Date: Mon Dec 12 04:43:50 2005
From: fd at mchsi.com (Mark)
Subject: Snort as IDS/IPS in mission-critical enterprise network

Native.Code wrote:
> Dear all,
> 
> Thanks for valuable input. It was very much appreciated. I kind of get the
> impression that Snort is a very stable product but it needs a lot of effort
> configuring, monitoring and customizing.

This is very true. And, I suspect, it is true of any IDS.  If you have
any kind of sizable network, no IDS can be pre-packaged that will work
perfectly for your network.  They are all going to need "a lot of effort
configuring, monitoring and customizing" if you are going to do it
correctly.  I don't see how it could be any other way, because they
don't know your network.

> We will definitely give it a try. I
> assume I did not mention, we will be using the Windows binary. Is this as stable
> as the Linux version?

I doubt it would be as stable.  Do you have a reason for using a Windows
binary?

> 
> Some of you mentioned that many commercial productions are based on Snort.
> Can anyone name another product besides those from Sourcefire?

If you are looking for something outside of Sourcefire, I would consider
Sentarus from demarc.com.  I was really happy with their PureSecure
product before they discontinued it.  But, when they told us it would be
10X the price to upgrade to Sentarus, we started looking elsewhere and
ended up with the Sourcefire products with mixed results.  (Their RNA
software is not even close to what it's cracked up to be.)

But, now that Sourcefire has pretty much locked up the signature
database, demarc.com has drastically reduced their pricing on their
Sentarus product.

Kind of underhanded on Sourcefire's part in my opinion.  But, business
is business I guess.  I just thought Marty was above that.

--
Mark
