Focus on IDS
10gb Jul 21 2010 12:53AM
scott securelabs net (2 replies)
Re: 10gb Jul 21 2010 06:32PM
Curt Purdy (infosysec gmail com) (1 replies)
RE: 10gb Jul 22 2010 12:42AM
Scott Sattler (Scott Securelabs net) (1 replies)
RE: 10gb Jul 29 2010 03:27AM
Paul Sutton (pjsutton urnet net)
Re: 10gb Jul 21 2010 05:08PM
Ron Gula (rgula tenable com) (1 replies)
Re: 10gb Jul 21 2010 05:37PM
Joel M Snyder (Joel Snyder Opus1 COM) (1 replies)
Re: 10gb Jul 22 2010 04:20PM
Jack Whitsitt (sintixerr gmail com)
What I always liked about ISS was that it simplified everything for me
and just told me I had red and yellow things on my network. Of course,
I never knew what those were for myself because I couldnt audit the
signature to find out exactly what it was testing for without actually
running some activity myself. (One of the few times I did was on the
HIDS - I tested su to root. It failed. It looked for su to be
capitalized, which was only true on one version of UNIX.)

But as long as you dont need to know what your IDS is doing, the
manageability of ISS puts it at the top!

;)

On Wed, Jul 21, 2010 at 1:37 PM, Joel M Snyder <Joel.Snyder (at) opus1 (dot) com [email concealed]> wrote:
>> What were some of the things you missed about ISS?
>
> The complexity, man!  How can you enjoy an IDS that doesn't have a
> management appliance which uses different terms than anyone else for
> everything???
>
> And, honestly, I really miss configuring both PC anti-malware and IPS in the
> same console because the job functions are so close to each other and the
> overlap is so clear.  Another thing I think that most folks who have used
> ISS really miss about the product is the built-in firewall that's so stupid
> that it requires you to add rules just so the firewall can talk to itself.
>
> These are the sort of things which provide much-needed job security.
>
> Sure, sure, they did do some cool things like let you explore your events
> the way YOU want to, something most folks are barely getting the hang of.
>  And it actually ran fast enough that you couldn't go out for a cup of
> coffee between queries.  But it's that old-fashioned complexity and
> confusion that really just gets me all nostalgic and misty-eyed.
>
> jms
>
>
> On 7/21/10 7:08 PM, Ron Gula wrote:
>>
>> On 7/20/2010 8:53 PM, scott (at) securelabs (dot) net [email concealed] wrote:
>>>
>>> sourcefire?
>>>
>>>
>>> really?
>>>
>>> in a production network.....ask them how their 9800 sensor works
>>> inline....*snicker*
>>>
>>>
>>> I was stuck using sourcefire for the last two client. I so miss ISS.....
>>>
>>
>> What were some of the things you missed about ISS?
>>
>
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Senior Partner, Opus One       Phone: +1 520 324 0494
> jms (at) Opus1 (dot) COM [email concealed]                http://www.opus1.com/jms
>
> -----------------------------------------------------------------
> Securing Your Online Data Transfer with SSL.
> A guide to understanding SSL certificates, how they operate and their
> application. By making use of an SSL certificate on your web server, you can
> securely collect sensitive information online, and increase business by
> giving your customers confidence that their transactions are safe.
> http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194
>
>
>

--
Art --> http://jackwhitsitt.com
Security --> http://sintixerr.wordpress.com

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus