Security Basics mailing list archives
Re: Network IDS
From: -SIMON- <simon () snosoft com>
Date: Tue, 26 Aug 2003 15:45:22 -0400
Here is an article that I wrote for masshightech regarding network based intrusion detection systems. It outlines at a very high level what the issues are but doesn't get too technical. I'd like to know what people think about the article, and I do realize that it's got marketing materials in it... thank you marketing staff... but the content is, in my opinion, still fairly reasonable and a good read for starters.
http://www.masshightech.com/displayarticledetail.asp?art_id=63368&cat_id=

Duston Sickler wrote:
Snort was my first recommendation. However, the Network Administrator is of the attitude that free software = cheap or lower class software. He also didn't like the fact that there was no tech support we could call.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."

----- Original Message -----
From: "smyrum" <smyrum () bresnan net>
To: "'Duston Sickler'" <dustons () charter net>
Sent: Saturday, August 16, 2003 12:05 PM
Subject: RE: Network IDS

Not certain if you consider Snort with an ACID interface to be a *nix solution. It does the work it's intended to do with a great deal of flexibility on the user's part. Packet sniffing can be tuned to suit your needs. We use it on a Class B network and I doubt that you could find a better product. It is not a plug and play solution, but neither is network security.

-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net]
Sent: Friday, August 15, 2003 11:30 AM
To: security-basics () securityfocus com
Subject: Network IDS

Hello,

I would like to thank in advance everyone who is out of the office. I really do like to hear about it.

The Network Administrator for the company I work for has charged me to locate a Network Intrusion Detection System. We do have a monitored firewall between us and the outside world. We need something to protect our servers from anyone coming from the inside. We have about 20 Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations. We live in a 100% Windows world and the powers that be will not be receptive to any *nix solutions. We are more than willing to pay for a top of the line product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device. We like the idea of a stand alone piece of hardware. The only problem is we already have a gateway server washing our email of viruses and 99% of Spam. Does anyone have any comments on the Symantec Gateway device? We have had excellent experiences with their Gateway software and NAV Corp. Does anyone have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post. I have learned a great deal being on this list the last year and will continue to appreciate all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."
--
-simon-
Tibetan "Book of the Dead," ca. 4000 BC.