[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IDS: Cisco NetRanger

To: John Evdemon <John_Evdemon@freddiemac.com>, ids@uow.edu.au
Subject: Re: IDS: Cisco NetRanger
From: robert_david_graham@yahoo.com
Date: Tue, 25 May 1999 15:17:48 -0700 (PDT)
Sender: owner-ids@uow.edu.au

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

--- John Evdemon <John_Evdemon@freddiemac.com> wrote:
> I am considering using Cisco's NetRanger product.  

>Have you used similar products?  How does it compare?
I doesn't detect nearly as many intrusions as ISS RealSecure or Network
ICE BlackICE, nor does it handle traffic rates as fast as NFR or
BlackICE.

>What is the incidence of false-positives?
Very high. All intrusion detections systems have high rates of false
positives.

>Is there any impact on your network performance?
NetRanger can be configured to run in "promiscuous mode", which means
it should have zero impact on network performance. This is the same as
all intrusion detection systems. I think NetRanger is the only major
IDS that can also be configured in "pass-through" mode where it
intercepts packets, in which you aren't likely to notice performance
issues if doing things like web browser, but will see them if you are
doing high-performance things like file service.

Rob.


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Prev by Date: IDS: about me
Next by Date: Re: IDS: Cisco NetRanger
Prev by thread: IDS: Cisco NetRanger
Next by thread: Re: IDS: Cisco NetRanger
Index(es):
- Date
- Thread