Security Basics mailing list archives

RE: MS Admin friendly *nix distribution / Re: to the RE:s Windows IDS


From: "Halverson, Chris" <chris.halverson () encana com>
Date: Wed, 12 Nov 2003 06:15:18 -0700

Interesting reading on this topic.
http://www.newsforge.com/os/03/10/09/0552252.shtml?tid=13

-----Original Message-----
From: me null [mailto:me_null () hotmail com] 
Sent: Monday, November 10, 2003 7:12PM
To: jimit () myrealbox com; security-basics () securityfocus com
Subject: MS Admin friendly *nix distribution / Re: to the RE:s Windows IDS


Well, I must say I am very happy with the amount of replies I received on 
this thread. Sorry about the delay in my response; all of your input was very 
nice, and sorry about not looking as well as I should have on snort.org.

As far as *nix goes, I have been planning on getting a distro and learning 
*nix; I've just been very busy lately. I was over on TechNet the other day and 
noticed they smartly made the conversion from *nix > M$ a lot easier via 
their doc on transferring *nix knowledge to M$. I haven't read it, but I did have 2 
questions...

1 Which distribution makes the easiest transition from MS > *nix?
2 Is there a doc the opposite of the one MS made? I suppose I could reverse 
engineer it, but I'd rather not have to.

You can turn off / close all of the ports in MS, at least in 2k3; I haven't tried 
it in 2k. Yes, even 135 tcp; I don't mean block, but close the ports (though you can 
block access to them 3 times over as well). What I lack in *nix knowledge I 
make up for in MS.

- thanks again - me


From: Jimi Thompson <jimit () myrealbox com>
To: "me null" <me_null () hotmail com>,security-basics () securityfocus com
Subject: Re: Windows IDS
Date: Thu, 6 Nov 2003 22:55:24 -0600

All of the best tools are going to be Linux or Unix based since they've 
likely been around longer.  Personally, I consider my IDS box to be a 
bastion host and I try to lock it down as best I can.  That's very 
difficult to do with Windows unless you want a very broken machine.  It's 
much easier to do with Linux or Unix.  Frankly, of all the IDSs I've seen, 
commercial and open source, SNORT rates among the highest.  I've worked for 
larger employers who insisted on testing other products, many that ran well 
into 6 figures, but most all of them ended up using SNORT.  They may have 
bought the other stuff, but SNORT definitely has its place.  Combined with 
per host firewalls, Tripwire, good perimeter security and Nessus to scan 
and check on everything, you should be in very good shape.  I'd also 
suggest that you scavenge something you can load RedHat, Mandrake, or SuSE 
on and start getting comfortable with Linux.

2 cents,

Jimi

At 2:31 PM -0500 11/6/03, me null wrote:
Hello everyone, I've seen a lot of people recommending Snort as an IDS, but 
the only problem with that is I'm running Windows. As far as the environment 
the IDS would be in... there's not a lot of PCs in it; it's a private network.

The top few things I want are, in this order:

1 - Security of course, how good the IDS actually is
2 - Interface, something that will not be a pain in the arse to have to 
deal with
3 - Price, null = best
4 - Functionality, basic features that make life easier, i.e. having logs 
sent to a remote PC, etc. etc.

Thank you

BTW, about "open source" things, are the only open source apps / tools just 
for non-MS platforms?  If I made an IDS for Windows I would have it be 
open source.



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security 
to simplify the management and deployment of PGP and reduce overall PGP 
costs by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
---------------------------------------------------------------------------








