Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Thu Jun 20 2002 - 11:41:44 CDT
>I am doing a final project as part of my MSc degree. I am intending to
>evaluate three IDS systems (ISS, Snort, and NFR).
>I have some simple experience with snort, but never used ISS or NFR
>although I have the downloads for them. I think I can manage to deploy
>them with the help of available documentations
>- Am I making a good selection for products? Bearing in
>mind that I might not be able to get evaluation version of something
Why not Dragon? You can download the software and create eval keys on
>- What are the criteria and/or considerations that I have
>to build my conclusions or results on?
>- Any guidance or suggestions?
>If there is some one out there who did a similar project, I would be
>most grateful if I can review his papers or at least give me an idea
>about the steps he/she took.
Yep, I did,
but I cannot give you the diploma thesis, it's not for the public.
But I am going to publish a derived IDS paper in september, and next week or
I will publish my criteria catalog for enterprise-wide scaling IDS product,
which will later
be also part of the complete IDS paper.
I will let you all know where to obtain the catalog when it's ready.
>Your help will be very much appreciated.
I recommend you not to try a benchmark, but concentrate on scalability,
event correlation, ease of installation and administration and so on.
An open signature format is very important, too.
Stand by until I am ready with my paper.
-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net