Security Basics mailing list archives
Re: Network IDS
From: "Andy Cuff [talisker]" <offthecuff () lineone net>
Date: Sun, 17 Aug 2003 12:10:01 +0100
Hi Duston

There are loads of network IDS out there that meet your requirements, I'm sure most of the vendors will have pinged you off list by now. All the NIDS I know of are on my site at http://www.networkintrusion.co.uk/N_ids.htm with a few salient details on each.

With so few servers it may be worth considering running a Host Intrusion Prevention System on each, though this will blind you from seeing attacks against your other hosts. Personally I'd highly recommend a NIDS and HIPS but make sure the output can be correlated otherwise there will be a higher management overhead.

Snort is a viable contender to the commercial products though it is not free as some suggest. Yes it costs you nothing in licensing but it still has to be managed, you also have to react to its output.

Cisco's rebadged Stormwatch is very good, though I haven't played with their NIDS for a very long time.

ISS RealSecure desktop protector coupled with RealSecure Network Sensor 7 will ease your entry into IDS but it tends to be pretty noisy, though tuning is easier of late.

I'd recommend attending Learning Tree International's Deploying IDS course http://www.learningtree.com/courses/588.htm before you make a choice as it introduces various products including Snort, more importantly lets you play with them!

just a few thoughts
take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk

----- Original Message -----
From: "Duston Sickler" <dustons () charter net>
To: <security-basics () securityfocus com>
Sent: Friday, August 15, 2003 6:30 PM
Subject: Network IDS
Hello,

I would like to thank in advance everyone who is out of the office. I really do like to hear about it.

The Network Administrator for the company I work for has charged me to locate a Network Intrusion Detection System. We do have a monitored firewall between us and the outside world. We need something to protect our servers from anyone coming from the inside. We have about 20 Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations. We live in a 100% Windows world and the powers that be will not be receptive to any *nix solutions. We are more than willing to pay for a top of the line product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device. We like the idea of a stand alone piece of hardware. The only problem is we already have a gateway server washing our email of viruses and 99% of Spam. Does anyone have any comments on the Symantec Gateway device? We have had excellent experiences with their Gateway software and NAV Corp. Does anyone have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post. I have learned a great deal being on this list the last year and will continue to appreciate all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."