[481] in Intrusion Detection Systems
Re: Intro; Question
daemon@ATHENA.MIT.EDU (Dave Bailey)
Fri Jan 26 05:38:32 1996
Date: Thu, 25 Jan 1996 15:00:27 -0700 (MST)
From: Dave Bailey <daveb@gcsi.com>
To: ids@uow.edu.au
In-Reply-To: <9601220719.AA25222@all.net>
Reply-To: ids@uow.edu.au
On Mon, 22 Jan 1996, Fred Cohen wrote:
> At least two such systems are now in daily commercial and government use:
>
> DIDS and CMDS
>
> There are probably others as well.
I don't know CMDS. Is that a commercial product?
I do know DIDS. It is not a commercial product and is not generally
available. It does an admirable job, but it is resource intensive (cpu
cycles, disk space, and operator and analyst time). Even if it were
available, it would not be a solution for very many sites.
Stalker (an outgrowth of Haystack--specialized for Sun systems) is the
only commercial product that I know of. However, Phillipe Langlois
mentioned one developed in France. Perhaps he could summarize this
product for our edification??
What I really meant by the question was not "Does there exist some
(perhaps unspecified) user of IDS" but rather "Is anyone that reads this
list an IDS user?"
>
> In addition, many people use things like TCP wrappers in combination
> with custom warning systems as a rudimentary form of IDS. (I do this
> and it works quite well for certain situations).
True, this works and is useful, but---
* custom warning systems are custom systems (i.e. hand built), and
* this approach works well only for small sites. It doesn't scale
well to larger networks.
A network product would be a nice thing to have.
> Some months ago I did
> a brief investigation of the IDS situation and concluded that of the
> products out there, I could not heartily recommend any to my commercial
> clients.
This, of course, was the point of my question.
---D