I stand corrected on the shunning part (thanks Glenn). You can use shun with 6.1, but I am not sure about the details for allowing this to happen dynamically using CSPM. I hesitate to ever implement dynamic shunning as a savvy attacker can use that to shun valid sources as a form of DoS.
"John Kaberna" wrote in message news:[EMAIL PROTECTED]...
> PIXes and routers capable of running IDS run a very limited version of IDS.
> I believe they only catch 59 signatures, which isn't very much. It's not bad
> for a small company that has a PIX that would like to start down the path of
> having a true IDS some day.
>
> I'm not sure what you mean about Snort being recognized by the PIX. I would
> guess that you mean shunning, which the PIX does not support regardless of
> whether you use Snort or a Cisco IDS solution. Only the routers support
> shunning.
>
> I personally use Snort for my small-medium clients since it's free, has a
> large install base, and can run on multiple platforms. If I have a client
> that is an all-Windows shop I can put it on Win2k. If they are pro-Unix, I
> can put it on Linux or even Solaris. There is a lot more flexibility than
> some of the other IDS solutions for a lot less money.
>
> I doubt that I would desire an MS solution even if they did come out with
> one. I don't trust Bill when it comes to security.
>
> "Brian Zeitz" wrote in message news:[EMAIL PROTECTED]...
> > I read that the 2600 router (or definitely higher model routers) have
> > IDS built in, but if you bought any PIX Firewall it wouldn't have IDS.
> > Am I mistaken on this? So most people who want IDS who cannot afford
> > / justify (just yet) an IDS box are using Snort? I have a PIX 515UR,
> > and if I read correctly, it has the capabilities to interface to an IDS
> > box, but it is not an IDS box itself. Also, if I use Snort as an IDS,
> > will the PIX be able to recognize it? Maybe Microsoft will come out with
> > a tool of this nature, which is free (not really free, but included with
> > OS) like some of the built-in components in 2000.
> >
> > If I have some misinformation here, I have not read my 1000 page IDS
> > book as of yet, but I am working on MCNS.
> >
> > I found a document that will allow me to install Snort on Windows 2000,
> > that is my current plan for implementing IDS. Can anyone give me the
> > pros and cons of Snort vs. Cisco IDS system? What other alternatives
> > should I be looking at? My company does not really need an IDS as of
> > yet, but I am doing this just for fun and for learning about
> > security/IDS.
> >
> > Hope my pro-Microsoft attitude is OK in the group. I like working on
> > routers and security, and don't spend a lot of time tweaking around with
> > Operating Systems.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46646&t=46639

