Subject: Re: IDS: a novice question. -reply
From: Mark.Teicher@predictive.com
Date: Wed Mar 29 2000 - 15:00:09 CST


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
Jesse Nelson <yoda@xuma.com>
Sent by: owner-ids@uow.edu.au
03/29/00 06:31 AM

        To:
        cc: ids@uow.edu.au
        Subject: Re: IDS: a novice question. -reply

Previously stated, it really depends on an organization's warm and fuzzies
about a particular IDS system over another. Some like all the bells and
whistles and want the IDS application to do all the backend work and just
spit out nice and spiffy Crystal or HTML pretty reports. Some like to
roll their own reports and add in additional data more than what is
currently spit out through the generic reports for explanation. For
example, spoofed IPs, etc. have a lot more interesting data than a
half-a-port scan. Replays of certain network activity other than the
typical ftp, telnet sessions would also be nice.

I have personally gone through a few head-scratching sessions with a
couple of commercial IDS apps during product evaluation testing
(i.e. testing for usability, testing for monitor monkey familiarity,
testing for installation/de-installation, reporting, functionality under
high, medium and low network conditions, etc.).
I have also seen vast improvements in the IDS applications, the usability,
usefulness, flexibility, etc. So stay tuned... :)

/m


> The entry level operators tend to use ISS, while the security gurus tend
> to use Dragon.

This is exactly why we did not go with ISS. We had been using Snort
quite a bit and got really familiar with analyzing raw data. ISS left me
and my partner with a feeling of not knowing what it was seeing and not
being able to validate what ISS was reporting. My personal feeling is
that a really good GUI that does a lot of baselining and explaining is
good for our engineers in the NOC, but when we see a lot of alerts we
want to be able to reassemble the transaction, and have as much raw
forensic data as possible.
Jesse Nelson
X U M A <Build-to-order e-business>

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1

iQA/AwUBN91vnNhXPjK633e5EQJLGgCgmF4I0ZETgvMYulA1JzKaYkRl5SEAnjKI
u0Jei6OSSWvZTIryJKbXZKyi
=S62K
-----END PGP SIGNATURE-----