I'd take Nessus and do a complete scan (or a subset, depending on your needs). This should give you lots of alerts which you can compare with the attacks tested. Plus a set of normally allowed accesses (HTTP, telnet...) to test if the IDS catches these too (especially to addresses where it's forbidden by your ACLs).
--
Dr. Uwe Kreibaum
Lotterie-Treuhandgesellschaft mbH Hessen
Tel.: (0611) 3612-0
Extension: FAX: 356, Tel.: 347

> -----Original Message-----
> From: Millan, Raul [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 12 November 2001 20:36
> To: [EMAIL PROTECTED]
> Subject: RE: IDS Question
>
> We just implemented Dragon, now I'm looking for a checklist of tests for
> verifying that everything is working as it should.
>
> Does anyone have such a checklist for testing the IDS?
>
> Regards,
>
> Raúl Millán
>
> -----Original Message-----
> From: Paul Innella [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 9 November 2001 03:30 PM
> To: 'Dennis Oliver'; [EMAIL PROTECTED]
> Subject: RE: IDS Question
>
> Virtually all IDS products will allow for alerts that generate emails
> and pages as their means of notification. Our experience is that ISS'
> solution is in fact one of the easier to manage while Symantec's is more
> difficult. The best solution that we have seen, however, is Enterasys'
> Dragon product for manageability, cost, and effectiveness.
>
> Paul Innella, CISSP
> www.TDISecurity.com
>
> -----Original Message-----
> From: Dennis Oliver [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 05, 2001 1:54 PM
> To: [EMAIL PROTECTED]
> Subject: IDS Question
>
> Hello All,
> Sorry if this is not the right place to post.
>
> I am trying to implement an IDS and not sure on which brand to
> implement, currently we use Checkpoint Firewall-1 for our firewall. I
> have heard that real secure IDS is good for integrating with Checkpoint.
> My question is does anyone have any recommendations on an IDS that is
> easy to manage and not too pricey. What I am looking for in the IDS
> features is to have it e-mail or if possible send a Text Page to a cell
> phone or pager to alert of attacks, easy to manage, and integrate with
> Checkpoint if possible. Any help would be greatly appreciated.
>
> Thanks,
> Dennis
>
> Message was scanned by MailSweeper.
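
One way to do the comparison suggested in the reply at the top of this thread, shown as an added example that is not part of any poster's message: log every test you send (scanner checks plus normally allowed protocols aimed at ACL-forbidden addresses), export the IDS alerts, and reconcile the two. The record layout, addresses, signature names and the 30-second matching window are all assumptions constructed for illustration, not Nessus or Dragon output.

```python
from datetime import datetime, timedelta

# Constructed test log: (time, source, destination, dst port, description).
TESTS = [
    ("2001-11-13 10:00:05", "10.0.0.50", "192.168.1.10", 80, "scanner: web server check"),
    ("2001-11-13 10:00:40", "10.0.0.50", "192.168.1.10", 21, "scanner: FTP check"),
    ("2001-11-13 10:05:00", "10.0.0.50", "192.168.1.20", 23, "telnet to ACL-forbidden host"),
    ("2001-11-13 10:06:00", "10.0.0.50", "192.168.1.20", 80, "http to ACL-forbidden host"),
]

# Constructed IDS export: (time, source, destination, dst port, signature).
# The signature names are made up, not real product signatures.
ALERTS = [
    ("2001-11-13 10:00:06", "10.0.0.50", "192.168.1.10", 80, "WEB-PROBE"),
    ("2001-11-13 10:05:02", "10.0.0.50", "192.168.1.20", 23, "TELNET-POLICY"),
    ("2001-11-13 10:07:30", "10.0.0.77", "192.168.1.10", 25, "SMTP-PROBE"),
]

WINDOW = timedelta(seconds=30)  # assumed tolerance for clock skew and alert delay


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def reconcile(tests, alerts, window=WINDOW):
    """Match each test to at most one alert on (src, dst, port) within window.

    Returns (detected, missed, unexplained):
      detected    - (test description, signature) pairs the IDS caught
      missed      - test descriptions with no matching alert (coverage gaps)
      unexplained - signatures of alerts that no logged test accounts for
    """
    unused = list(alerts)
    detected, missed = [], []
    for t in tests:
        t_time = parse(t[0])
        match = next((a for a in unused
                      if a[1:4] == t[1:4] and abs(parse(a[0]) - t_time) <= window),
                     None)
        if match is None:
            missed.append(t[4])
        else:
            unused.remove(match)  # one alert explains one test only
            detected.append((t[4], match[4]))
    return detected, missed, [a[4] for a in unused]


if __name__ == "__main__":
    detected, missed, unexplained = reconcile(TESTS, ALERTS)
    print("detected:", detected)
    print("missed (tune sensor or signatures):", missed)
    print("alerts with no matching test (investigate):", unexplained)
```

Alerts left unexplained deserve a look of their own: they are either traffic from someone other than the tester or a sign that the test log is incomplete.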