How we did it

We set up a test bed to run a number of different products and systems to monitor. This included Windows 2000 Server; Microsoft Internet Information Server 5.0; Red Hat Linux 7.3; Apache 1.3.28; Linux firewall IPTables; Check Point NG; Snort 2.0; Cisco VPN Concentrator; Cisco Catalyst Switch 3500; NetScreen-100 running ScreenOS 2.5, Nessus and Solaris 2.8; McAfee Entercept; Tripwire; and Cisco Security Agent.

After device configuration, we created various filters and correlation events. We launched Blade Software's IDS Informer, Nessus and Internet Security Systems Internet Scanner to trigger events in our devices. We sustained approximately 300 events per second during this testing. As events were logged, we created cases and incident investigation in the products that provided this functionality.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

We set up a test bed to run a number of different products and systems to monitor. This included Windows 2000 Server; Microsoft Internet Information Server 5.0; Red Hat Linux 7.3; Apache 1.3.28; Linux firewall IPTables; Check Point NG; Snort 2.0; Cisco VPN Concentrator; Cisco Catalyst Switch 3500; NetScreen-100 running ScreenOS 2.5, Nessus and Solaris 2.8; McAfee Entercept; Tripwire; and Cisco Security Agent.

After device configuration, we created various filters and correlation events. We launched Blade Software's IDS Informer, Nessus and Internet Security Systems Internet Scanner to trigger events in our devices. We sustained approximately 300 events per second during this testing. As events were logged, we created cases and incident investigation in the products that provided this functionality.

Read more about security in Network World's Security section.