What I always liked about ISS was that it simplified everything for me and just told me I had red and yellow things on my network. Of course, I never knew what those were for myself because I couldnt audit the signature to find out exactly what it was testing for without actually running some activity myself. (One of the few times I did was on the HIDS - I tested su to root. It failed. It looked for su to be capitalized, which was only true on one version of UNIX.)
But as long as you dont need to know what your IDS is doing, the manageability of ISS puts it at the top! ;) On Wed, Jul 21, 2010 at 1:37 PM, Joel M Snyder <[email protected]> wrote: >> What were some of the things you missed about ISS? > > The complexity, man! How can you enjoy an IDS that doesn't have a > management appliance which uses different terms than anyone else for > everything??? > > And, honestly, I really miss configuring both PC anti-malware and IPS in the > same console because the job functions are so close to each other and the > overlap is so clear. Another thing I think that most folks who have used > ISS really miss about the product is the built-in firewall that's so stupid > that it requires you to add rules just so the firewall can talk to itself. > > These are the sort of things which provide much-needed job security. > > Sure, sure, they did do some cool things like let you explore your events > the way YOU want to, something most folks are barely getting the hang of. > And it actually ran fast enough that you couldn't go out for a cup of > coffee between queries. But it's that old-fashioned complexity and > confusion that really just gets me all nostalgic and misty-eyed. > > jms > > > On 7/21/10 7:08 PM, Ron Gula wrote: >> >> On 7/20/2010 8:53 PM, [email protected] wrote: >>> >>> sourcefire? >>> >>> >>> really? >>> >>> in a production network.....ask them how their 9800 sensor works >>> inline....*snicker* >>> >>> >>> I was stuck using sourcefire for the last two client. I so miss ISS..... >>> >> >> What were some of the things you missed about ISS? >> > > -- > Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 > Senior Partner, Opus One Phone: +1 520 324 0494 > [email protected] http://www.opus1.com/jms > > ----------------------------------------------------------------- > Securing Your Online Data Transfer with SSL. > A guide to understanding SSL certificates, how they operate and their > application. By making use of an SSL certificate on your web server, you can > securely collect sensitive information online, and increase business by > giving your customers confidence that their transactions are safe. > http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194 > > > -- Art --> http://jackwhitsitt.com Security --> http://sintixerr.wordpress.com ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
