I've found no product that can do network-based detection for 100+Mb
environments. Currently we've decided on host-based IDS as our answer.
Both ISS and Axent's products can do similar management of multiple hosts
similar to network-based products including the ability to watch single
port-scans across multiple hosts, etc. ISS and Axent are also
multi-platform.
- Aaron Schultz
- [EMAIL PROTECTED]
------
On Thu, 3 Aug 2000, Johnson, Carl wrote:
> Bandwidth is an issue for me. I'm told by Cisco that
> NetRanger (or Intrusion Detection System as it is called
> now) also cannot monitor more than 100mbs.
>
> Does anything know of an IDS system that can go over 100mbs?
> Perhaps with a gig interface? That is, if adequate monitoring
> is even possible with today's hardware at those speeds!
>
> Thanks!
> Carl
>
> > -----Original Message-----
> > From: Aaron Schultz [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 03, 2000 10:54 AM
> > To: Firewalls LIST
> > Subject: Re: Intrusion Detection
> >
> >
> > I wouldn't promote NFR...
> >
> > They can't monitor much bandwidth...(ie: 100+Mbit)
> > When I asked about monitoring any amount of bandwidth they sent me to
> > voicemail and I wasn't called back until the sales associate
> > decided it
> > was time to check to see if I had received answers to my various
> > questions. Furthermore, they claim the only way to monitor a decent
> > amount of bandwidth is to put multiple NFR devices behind a
> > foundry (or
> > similar) switch, although they don't have true answers on how
> > the machines
> > coordinate their data when used seperately like this.
> >
> > NFR also lists only DESKTOP devices (ie: Compaq PCs) on their
> > literature,
> > not 1 piece of hardware listed was a decent server platform.
> >
> > I never made it to their evaluation of their product - I find their
> > pre-sales support to be less than adequate. Currently the
> > best answers
> > for IDS (IMO) are:
> > - Internet Security System's products
> > - Axent's (now Norton's) product line
> > (both have Windows agents)
> >
> > - Aaron Schultz
> > - [EMAIL PROTECTED]
> > ------
> >
> > On Thu, 3 Aug 2000, Fabio Pietrosanti wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Network Flight Recorder, run only on Unix, but it's the
> > BEST and the most
> > > difficult to tune in my opinion. It use his N-Code for creating the
> > > Backend filter.
> > > look here http://www.nfr.net
> > >
> > > Pietrosanti Fabio I.NET SpA, High Quality Access
> > to the Internet
> > > e-mail: [EMAIL PROTECTED] ( Direzione Tecnica,
> > Gruppo Firewall )
> > > [EMAIL PROTECTED]
> > > PGP Key (DSS)
> http://naif.itapac.net/naif.asc
> >
> > Home Page URL: http://www.inet.it
> > Sede: Via Caldera, 21 20153 Milano
> > Tel: 02-409061 Fax: 02-40906303
> > --
> > Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
> >
> >
> > On Thu, 3 Aug 2000, Rob Serfozo wrote:
> >
> > > We are investigating the installation of Intrusion Detection software.
> > > Wondering if the list had any opinions good or bad towards any product.
> We
> > > are hoping to be able to run on a Windows platform. We are currently
> using
> > > a PIX firewall.
> > >
> > > Thanks,
> > > Rob Serfozo
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> > >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.1 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> > Filter: gpg4pine 4.1 (http://azzie.robotics.net)
> >
> > iD8DBQE5iZc8dK5I1NnlcMYRArVIAJwLOjB3xWV8dJL8HcC2GN7JnvWBBwCgnN2v
> > f/8+3RNhPbhLeFLQ7/hRqzY=
> > =eoJG
> > -----END PGP SIGNATURE-----
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
