Hello,

>Hi,
>
>I am doing a final project as part of my MSc degree. I am intending to
>evaluate three IDS systems (ISS, Snort, and NFR).
>
>I have some simple experience with snort, but never used ISS or NFR
>although I have the downloads for them. I think I can manage to deploy
>them with the help of available documentations
>
>Questions are:
>
>- Am I making a good selection for products? Bearing in
>mind that I might not be able to get evaluation version of something
>like Dragon.

Why not Dragon? You can download the software and create eval keys on
Enterasys' website.

>- What are the criteria and/or considerations that I have
>to build my conclusions or results on?
>- Any guidance or suggestions?
>
>If there is some one out there who did a similar project, I would be
>most grateful if I can review his papers or at least give me an idea
>about the steps he/she took.

Yep, I did,
but I cannot give you the diploma thesis, it's not for the public.

But I am going to publish a derived IDS paper in september, and next week or
so,
I will publish my criteria catalog for enterprise-wide scaling IDS product,
which will later
be also part of the complete IDS paper.
I will let you all know where to obtain the catalog when it's ready.

>Your help will be very much appreciated.
>
>
>Azad
>

I recommend you not to try a benchmark, but concentrate on scalability,
event correlation, ease of installation and administration and so on.
An open signature format is very important, too.

Stand by until I am ready with my paper.
Greets,
Detmar

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]