OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: IDS: RE: Axent IDS tools
From: Sanchez-Cherry, Kevin (Kevin.Sanchez-Cherrynasd.com)
Date: Wed Aug 02 2000 - 09:13:50 CDT


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
My company currently has Intruder Alert, I evaluated ESM, and one of the
other engineers is testing NetProwler. There is integration between ITA,
ESM and NetProwler, but I don't have any experience with NetRecon. I
personally liked ESM, because it is an out-of-the-box solution, even if you
wanted to use other custom policies, you can still have monitoring while
working on them. I think ESM will work best, depending on how much you want
to monitor, to put the agents on your PDCs and BDCs to monitor the user
accounts. If you wanted monitoring at the user level, beyond the accounts
on the domain controllers, then you can put agents on each users desktop.
The only thing you have to do while testing is check for system resource
usage. That is going to be the killer if an agent suddenly uses 95% of CPU
time every time it is turned on. I had that problem with ITA on 1 users
desktop.

-----Original Message-----
From: John G Taylor [mailto:john_g_taylorcgu.com.au]
Sent: Wednesday, August 02, 2000 3:15 AM
To: idsuow.edu.au
Subject: IDS: Axent IDS tools

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
----------------------------------------------------------------------------
-
Hi,

I'm currently investigating IDS tools. Has anyone used the Axent tool sets
before?

I'm looking at
        NetRecon
        Enterprise Security Manager
        Netprowler

I know there is some cross over in what can be done but if anyone has had
exposure to these products I'd be glad to here from you.

The NetRecon product seems quite good.

thanks,

John Taylor