Intrusion Detection Systems mailing list archives

Re: IDS Comparison


From: jrezabek () iss net (John Rezabek)
Date: Fri, 03 Mar 2000 11:47:45 -0500



Paul,
Thanks for the comments on RealSecure. I want to add that:

There are numerous enhancements in the next release of RealSecure, which is 
targeted for Q2. One of the enhancements is IP Fragmentation Re-assembly. 
See note below:

  The next release of RealSecure will detect more advanced IP frag 
attacks by adding enhanced IP Fragment re-assembly to the Network Sensor. 
The IP Fragmentation re-assembly code has been successfully tested both 
in-house and at various customer sites. This functionality has been 
completely re-engineered to help prevent evasive techniques, such as the 
ones described in the recent BugTraq posting.

If you have any additional questions, feel free to contact me directly.

Thanks

John

At 03:18 PM 3/2/00 -0500, Paul_J_Bielefeldt () notes tcs treas gov wrote:
Of those two products, Real Secure is the better (and cheaper).  NetRanger
detects only 111 signatures, which is way below the average (200-300) of most
IDS.  Real Secure is one of the leaders in this area with over 400 signatures.
NetRanger leaves sessions in cleartext between its network sensors and
management consoles; whereas, Real Secure doesn't.

Neither product, however, performs packet fragment reassembly, which will allow
a slightly more sophisticated hacker to bypass them.  Also, neither product
allows you to create your own signature (though both vendors will claim
differently).  For that reason, I would recommend other products such as Network
Flight Recorder or Dragon that have these added features.  They both have over
400 signatures as well.  They might be a little more difficult to use, however,
than Real Secure.

-Paul-


Hi,

Our company would like to purchase an intrusion detection system.
We don't know which one to choose Netranger or ISS Real Secure.
Can somebody help us to make a comparison between these two products?

Thanks.
Sirine Tlili

                "Adaptive Network Security for the Enterprise"

John M. Rezabek                          Phone:  727.517.1500
Technical Product Manager                Fax:    727.517.9090
ISS Internet Security Systems, Inc.      Pager:  888.784.6185
NASDAQ (ISSX)                            E-Mail: jrezabek () iss net
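
The fragment reassembly point discussed in this thread, shown as an added example that is not part of any message above and is not code from any product named here: a sensor that matches signatures per packet misses a pattern that spans IP fragments, while one that reassembles first finds it. The signature, addresses and payload are constructed, and fragments are simplified to payload bytes with byte offsets (no TCP header).

```python
from collections import defaultdict, namedtuple

# Simplified fragment record (assumption): offset is in bytes, data is payload only.
Frag = namedtuple("Frag", "src dst proto ident offset mf data")

SIGNATURE = b"EXAMPLE-SIGNATURE"                    # constructed signature
PAYLOAD = b"GET /EXAMPLE-SIGNATURE HTTP/1.0\r\n\r\n"  # constructed traffic

def fragment(payload, size=8, ident=0x1234):
    """Build constructed sample fragments (offsets are multiples of 8, as in IP)."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [Frag("192.0.2.10", "192.0.2.20", 6, ident, i * size,
                 i < len(chunks) - 1, c) for i, c in enumerate(chunks)]

SAMPLE = fragment(PAYLOAD)[::-1]  # delivered out of order

def match_per_packet(frags, sig):
    """No reassembly: every fragment is inspected on its own."""
    return any(sig in f.data for f in frags)

def reassemble(frags):
    """Rebuild datagrams keyed by (src, dst, proto, ident).
    Overlapping, gapped or unfinished sets are reported instead of guessed at."""
    groups = defaultdict(list)
    for f in frags:
        groups[(f.src, f.dst, f.proto, f.ident)].append(f)
    payloads, anomalies = {}, []
    for key, parts in groups.items():
        parts.sort(key=lambda f: f.offset)
        buf, problem = b"", None
        for f in parts:
            if f.offset != len(buf):
                problem = "overlap" if f.offset < len(buf) else "gap"
                break
            buf += f.data
        if problem is None and parts[-1].mf:
            problem = "incomplete"      # last fragment never arrived
        if problem:
            anomalies.append((key, problem))
        else:
            payloads[key] = buf
    return payloads, anomalies

def match_reassembled(frags, sig):
    """Reassemble first, then match; returns (matching datagram keys, anomalies)."""
    payloads, anomalies = reassemble(frags)
    return [k for k, p in payloads.items() if sig in p], anomalies
```

Reporting overlaps as anomalies rather than picking one copy avoids depending on how the destination host would resolve them.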


