On Fri, 3 Mar 2000, Marcus J. Ranum wrote:
> Probably the best way to get some real life experiences with them
> is to try one yourself. It's not particularly difficult (or shouldn't
> be!) and any credible vendor will let you "try before you buy."
I would agree completely here. Get one or two of your top choices
in house and play with them on a test network with active responses
(like kills, etc.) turned off. You might also want to turn off
any paging or email alerts at first.
> There are a few decent articles in the trade press about some of
> the products out there - one thing to be aware of when you read
> them is that IDS products are still at the rapid stage of evolution
> and whats said about any given product 6 months ago probably no
> longer applies.
There is a new article coming out in one of the *Weeks this week or next
on network IDS. There was an article last week in PCWeek on a host
based IDS from Clicknet.
>
> > We have about 35
> >desktops, 4 servers. I've heard that false positives can make deploying
> >this type of a solution impractical for a small sized business. Is that
> >true?
I will agree with that Marcus has already said here and add:
All the existing products show false positives to some extent. The
key with the current crop of IDS is to configure it (them) properly.
Do not just use the out of the box default configurations, these will
show you things that you do not want to see and will alarm when you
don't want them to. Figure out how the product works, then configure
it to your environment, then test it.
> (Disclaimer: I am a vendor in the IDS area. However, I don't believe
> there is anything in my posting above that is even arguably biassed
> towards my company's products or our competition.)
I have to make a similar disclaimer. I work for Fortrex Technologies
and we sell the ISS and Axent systems.
If you want further details on any of our products, let me know.
Eric
---------------------------------------------------------------------
Eric Maiwald [EMAIL PROTECTED]
So Many Hobbies, So little time
---------------------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
