Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999_2

NFR Wizards Archive: Re: IDS: Net Ranger vs. RealSecure vs. NFR

Re: IDS: Net Ranger vs. RealSecure vs. NFR

Carric Dooley (carriccom2usa.com)
Tue, 6 Jul 1999 00:16:09 -0400 (EDT)

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Marcus J. Ranum: "Re: Extreme Hacking"
Previous message: arkeltex.ru: "Re: Extreme Hacking"
Maybe in reply to: Budke: "Extreme Hacking"
Next in thread: Vin McLellan: "Re: IDS: Net Ranger vs. RealSecure vs. NFR"

Then NFR is the only ticket (unless you watn to use REALLY high-end RS
probes).

The main advantages to NFR are it's speed and adaptability. A
disadvantage may be it's adaptability. =) You will need someone on staff
with some programming skills to build the custom scripts you may want to
add to the existing NFR package.

One thing I am not clear on is how you plan to avoid setting up probes on
each segment you want to monitor. That is not really a downer to RS as
you will need to do this with NFR or NR...

You may also want to contact ISS direct and ask them what they have in the
works for the near future as far as solving the "high load" delimma.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Mon, 5 Jul 1999, SiOL CERT wrote:

> Hi.
>
> I have two intrusion detection systems on a trial run, but have to chose the
> big winner. Both of them have been recommended as the cream of the crop and
> 'best money can buy', but from the wrong persons.
>
> One of them is Cisco's Net Ranger Director, which uses HP OpenView as a GUI
> (not prefered) and other one is ISS' Real Secure, which is a bit of a pain
> because I'd need to set a machine on each segment of the network I want to
> monitor.
>
> The third IDS is my personal favorite NFR's Network Flight Recorder (ever
> since I read the white paper), but I need more informations about all of the
> mentioned IDS systems (especially cons, pros are more or less known).
>
> The network in question is an ISP's public part of the system, which means I
> need some detection system than can swallow more than 70Mbit traffic on the
> fly.
>
> Thanks in advance,
>
> Saso
>
> -
> [To unsubscribe, send mail to majordomolists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]
>

Next message: Marcus J. Ranum: "Re: Extreme Hacking"
Previous message: arkeltex.ru: "Re: Extreme Hacking"
Maybe in reply to: Budke: "Extreme Hacking"
Next in thread: Vin McLellan: "Re: IDS: Net Ranger vs. RealSecure vs. NFR"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:02 CDT