Security Basics mailing list archives
RE: Need recommendations about IDS Systems
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 29 Jan 2003 12:34:07 -0000
I agree with Ivan Coric, snort is great and acid too. Demarc gets good press and it deserves it but you pay for it now. Look at MRTG for router activity, which is worth noting in an IDS system. Tripwire is also worth a note for host-based intrusion detection. Add arpwatch for MAC addresses being introduced to your network. Put the whole lot on a single Linux machine with a web interface and you have a very nice solution.

Google searches will find you everything you need to know on the above.

Hope this helps

Trevor Cushen

-----Original Message-----
From: Ivan Coric [mailto:ivan.coric () workcoverqld com au]
Sent: 28 January 2003 00:50
To: securityfocus () different-thinking de; JFountain () rbinc com; security-basics () securityfocus com
Subject: RE: Need recommendations about IDS Systems

Hi Jenn

take a look at snort, but also consider ACID http://www.cert.org/kb/acid/
Have multiple snort sensors logging to a mysql DB and use ACID to view it via a web browser. It's great!

cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

"Robert Sieber" <securityfocus () different-thinking de> 01/28/03 06:44am >>>
I think you should give snort a closer look!

Robert
--
http://board.protecus.de - Firewalls, Security and more ...
www.different-thinking.de - Networks, Protocols, Security, ...

-----Original Message-----
From: Jennifer Fountain [mailto:JFountain () rbinc com]
Sent: Friday, January 24, 2003 8:44 PM
To: security-basics () securityfocus com
Subject: Need recommendations about IDS Systems

I have been looking at a couple IDS systems and reading reviews. My head hurts :) Any recommendations? I want something to sit inside my network, in the DMZ and outside. I want it to also email me and send information to my syslog server. OS doesn't matter. I can do NT or Linux.

thanks!

Thank you
Jenn Fountain