From: John Taylor (john.taylortolerant.co.uk)
Date: Wed May 22 2002 - 04:23:27 CDT

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    Guys,

    to be frank I think you are doing it all wrong, using late 90's ideas and
    the "same old stuff"!

    If I was building a solution I would not look at the network topology and
    methodologies employed but look to the real issues and risk assessments. In
    Europe we have provided a structured approach which has yielded superb
    results for large multinationals by looking at what you need to protect and
    how best to achieve it rather than looking at network pipes and older
    methodologies. A recent solution we put together was based purely on what
    was needed rather than what had been previously employed.

    The client already had Cisco Netranger and some RealSecure Network Sensors
    and it was simply not able to handle the bandwidth or the VLAN issues. The
    question was why are you doing it that way? A risk assessment identified the
    true areas of risk which were actually quite simple: Access to the internet
    and from the internet to both web servers and users' desktops, possibilities
    of internal abuse to corporate servers and a major risk from VPN Notebook
    PC's out in the field. The solution was simple, two RealSecure Guards on the
    internet links, (thus protecting all Company resources from attack there),
    RealSecure Desktop Protection on the remote notebook P.C.'s and Server
    Sensors on the host.

    The entire network protected with not a single network sensor! (could argue
    the Guards are sensors but they are in-line!) Standard Network Sensors were,
    in my humble opinion, great in the days before switched networks and VPN's
    but times have changed and simpler more manageable solutions are required.
    We see such a solution as above with ICECap Manager looking after the Guards
    and Desktop protection and feeding alerts to Site Protector which is
    managing the server Sensors and controlling an automated Internet Scanner as
    the best that can be achieved today.

    Any comments anyone?

    John Taylor

    -----Original Message-----
    From: Moore, Carl, Mr., PEC-ARNG [mailto:Carl.Moorepec.ngb.army.mil]
    Sent: Monday, May 20, 2002 6:52 PM
    To: 'sixty seven'; issforumiss.net
    Subject: RE: Cisco IDS + RS IDS

    ALCON,
    I am currently running both the RealSecure sensors and the Cisco IDSM
    modules on my 6500s. This solution gives you the best of both worlds. What
    one system doesn't catch, the other one does. When you find a signature that
    is firing off on one and not the other, you write a custom signature. Due to
    equipment limitations, I run RealSecure sensors on the outside of my
    firewalls, on my DMZ's, and on my server vlan. I have three IDSM's covering
    the other vlans. The server vlan ends up getting double coverage. I am also
    running about 50 vlans and have never oversubscribed my IDSM's, but
    sometimes the RealSecure sensors miss traffic. I don't have any of the Cisco
    IDS appliances yet but I plan on purchasing a couple of 4210's later this
    year. If you get the 4230, it can handle multiple vlans. This is just like
    running McAfee and Norton on the same network. If you can afford them it
    doesn't make sense not to have them both.

    Carl W. Moore
    Network Engineer
    National Guard Professional Education Center

    -----Original Message-----
    From: sixty seven [mailto:ssixtyhotmail.com]
    Sent: Monday, May 20, 2002 10:48 AM
    To: issforumiss.net
    Subject: Cisco IDS + RS IDS

    All,

    Due to problems with switched LANs and VLANs, we are considering a Hybrid
    solution with ISS Real Secure and Cisco 6500 based Cisco Secure Policy
    Manager for IDS. Has anybody tried this b4?
    The network in Q? has more than 50 VLANs with Cisco 2900, 3500 and 5500
    upward of 600 in total. Spanning seems a bit unrealistic.
    Any Ideas? GURUs out there!
