Home page logo

basics logo Security Basics mailing list archives

RE: Recommending an IDS system
From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Thu, 04 Mar 2004 09:09:59 +0000

--On 02 March 2004 16:35 -0300 Daniel Cid <danielcid () yahoo com br> wrote:

Just correcting, the Cisco IDS sensors runs on Solaris
and an advantage under the snort (the open source one)
is the possibility to apply a shun (to block traffic)
and it's much easies to view/analyze the logs...

You might like to look into SnortSAM <http://www.snortsam.net/> and flexresp; I believe these features allow Snort to achieve the same effect. SnortSAM integrates with FW-1, PIX, Cisco ACLs, Netscreen, ipf, pf, ipchains, iptables and WatchGuard. Alternatively, if you're after an inline IPS, snort-inline <http://snort-inline.sourceforge.net/> or hogwash <http://hogwash.sourceforge.net/> are the way to go.

Daniel B. Cid

Best Regards,
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]