Security Basics mailing list archives
RE: Network IDS
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 18 Aug 2003 11:54:32 +0100
Hallo Duston, stop by your local (used) bookstore and compare Stephen Northcutt's definitive Book 'Network Intrusion Detection: An Analyst's Handbook' in Versions 1, 2 and 3. You will notice his switch from identifying snort as an option, to mentioning it prominently, to useing is as a basis for almost all of his examples. At the moment the IDS sector is burping generally because snort is so good that the commercial products are having a hard time keeping up. Also the signature base is larger and better than that of any single commercial vendor. As far as the no support issue, i am aware of it. Many businesses that i have dealt with have similar 'problems' or at least we can call them hang-ups. One argument i have used sucessfully is this: open source software is cheaper to deploy so that you can use the money it would cost to pay support and licensing fees to hire a freelance programmer for a month or two to rewrite the software to fit your needs if you have problems. PS: I have lost the URL, but Marty Roesch, the author of snort, has a consulting business. I am not sure if they are 'supporting' snort, but it would be worth a check. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg Germany -----Original Message----- From: Duston Sickler [mailto:dustons () charter net] Sent: Friday, August 15, 2003 7:30 PM To: security-basics () securityfocus com Subject: Network IDS Hello, I would like to thank in advance everyone who is out of the office. I really do like to hear about it. The Network Administrator for the company I work for has charged me to locate a Network Intrusion Detection System. We do have a monitored firewall between us and the outside world. We need something to protect our servers from anyone coming from the inside. We have about 20 Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations. We live in a 100% Windows world and the powers that be will not be receptive to any *nix solutions. We are more the willing to pay for a top of the line product as long is it is in fact top of the line. Currently I have been looking at the Symantec Gateway Device. We like the idea of a stand alone piece of hardware. The only problem is we already have a gateway server washing our email of viruses and 99% of Spam. Does anyone have any comments on the Symantec Gateway device? We have had excellent experiences with there Gateway software and NAV Corp. Does anyone have a different or better device that they could point me towards? I would like to thank everyone who replies to this post. I have learned a great deal being on this list the last year and will continue to appreciate all the expertise that is freely given here. Duston Sickler CompTIA A+ Certified "Cedo nulli." --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Network IDS, (continued)
- Re: Network IDS Lukas Sosnovec (Aug 18)
- Re: Network IDS Adam Newhard (Aug 18)
- Re: Network IDS Attila Nagy (Aug 22)
- Re: Network IDS Gopinath (Aug 25)
- RE: Network IDS Krueger, Brian (Aug 16)
- Re: Network IDS Duston Sickler (Aug 16)
- expert? (was: Re: Network IDS James W. Meritt (Aug 18)
- Re: Network IDS Schneider Sebastian (Aug 18)
- Re: Network IDS -SIMON- (Aug 27)
- RE: Network IDS McGill, Lachlan (Aug 18)
- RE: Network IDS Meidinger Chris (Aug 18)
- RE: Network IDS Dave Killion (Aug 26)