[Snort-sigs] performance criteria

Jamie Riden jamie.riden at ...2420...
Mon May 16 16:11:41 EDT 2011


Hi Jules,

For me - and I've been mucking with IDS on and off for a little over
ten years now, but very much on a budget -

1. what can you afford?
2. can you load a useful rule set and not be dropping packets?
3. can you tune it properly?

This is very much down to personal taste, how much time you have to
play with it daily, and the normal traffic of the particular installation
you're looking at, so I suggest evaluating a couple of units before
you commit to purchasing.

I've seen McAfee Intrushield (or whatever it's called this month),
snort and a quick look at some Juniper box. McAfee was awkward to
drive, compared with being able to pipe the snort output into perl or
bash scripts. If you don't write perl/bash scripts, you won't get any
benefit from this though.

cheers,
 Jamie

On 15 May 2011 14:20, Jules Pagna Disso <jules at ...3310...> wrote:
> hi,
>
> I know this is not directly related to rules but I think you would be the
> best to help me with the criteria/parameters that need considering when
> evaluating an IDS's performance or when comparing two IDS.
>
> thanks,
> Jules

-- 
Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
http://uk.linkedin.com/in/jamieriden



