Security Basics mailing list archives

RE: Need recommendations about IDS Systems


From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 29 Jan 2003 12:34:07 -0000


I agree with Ivan Coric, Snort is great and ACID too.  Demarc gets good
press and it deserves it but you pay for it now.  Look at MRTG for
router activity which is worth noting in an IDS system.  Tripwire is
also worth a note for host based intrusion detection.

Add arpwatch for MAC addresses being introduced to your network.  Put
the whole lot on a single Linux machine with a web interface and you
have a very nice solution.

Google searches will find you everything you need to know on the above.

Hope this helps

Trevor Cushen




-----Original Message-----
From: Ivan Coric [mailto:ivan.coric () workcoverqld com au] 
Sent: 28 January 2003 00:50
To: securityfocus () different-thinking de; JFountain () rbinc com;
security-basics () securityfocus com
Subject: RE: Need recommendations about IDS Systems


Hi Jenn,
Take a look at Snort, but also consider ACID
http://www.cert.org/kb/acid/ Have multiple Snort sensors logging to a
MySQL DB and use ACID to view it via a web browser. It's great!

cheers


Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

>>> "Robert Sieber" <securityfocus () different-thinking de> 01/28/03 06:44am >>>
I think you should give Snort a closer look!

Robert

--
http://board.protecus.de - Firewalls, Security and more ...
www.different-thinking.de - Networks, Protocols, Security, ...



-----Original Message-----
From: Jennifer Fountain [mailto:JFountain () rbinc com]
Sent: Friday, January 24, 2003 8:44 PM
To: security-basics () securityfocus com 
Subject: Need recommendations about IDS Systems


I have been looking at a couple of IDS systems and reading reviews. My
head hurts :)  Any recommendations?  I want something to sit inside my
network, in the DMZ and outside.  I want it to also email me and send
information to my syslog server.  OS doesn't matter. I can do NT or
Linux.
Thanks!



Thank you
Jenn Fountain
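The setup Ivan and Trevor describe (several Snort sensors writing to one MySQL database that ACID fronts, plus alerts handed to syslog so they reach Jenn's syslog server) comes down to Snort's output plugins. The snort.conf fragment below is an added example, not anything posted in the thread; the network ranges, database host, credentials and sensor name are placeholders to be replaced per sensor.

```conf
# snort.conf output section for one sensor (added example, not from the thread).
# Assumes Snort 2.x built with MySQL output support. All addresses, hosts,
# credentials and names below are placeholders.

# Sensor-local variables: set to the segment this sensor watches
# (one sensor each inside, in the DMZ and outside, as Jenn asked for).
var HOME_NET 192.168.1.0/24              # placeholder: this sensor's segment
var EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules           # placeholder rule directory

# 1. Hand alerts to the local syslog daemon (facility auth, priority alert).
#    Relay auth.* from that daemon to the central syslog server; Snort
#    itself only writes to the local syslog.
output alert_syslog: LOG_AUTH LOG_ALERT

# 2. Log alerts to the central MySQL database that ACID reads.
#    Every sensor points at the same dbname/host; sensor_name is what
#    tells the sensors apart in ACID's sensor view.
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=db.example.internal sensor_name=dmz-sensor

# 3. Keep a local single-line alert file so nothing is lost if the
#    database or the network path to it is down.
output alert_fast: /var/log/snort/alert.fast

# Load rules after the output plugins so every rule's alerts reach all three.
include $RULE_PATH/local.rules
```

Snort has no email output plugin of its own, so the "email me" part of the request has to come from whatever watches the syslog stream or the database; the thread's web interface (ACID) covers viewing, not notification.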
