Re: IDS-IPS Recommendations

[jeffrey rivero <jeffr76 () yahoo com>]

is this in addition to a current firewall or in place of one
there are a few good ones out there
Cisco is great but they can be harder to maintain for the non cisco-it's
have a look at SNORT (open source easy to use, ACID, or BASE can help 
(we use the ACID console)
there are embedded solutions that will make the setup a snap
we currently have 1 cisco device and 3 SNORT boxes
snort is a nice IDS but it does take a bit of power to run it
we hover at about 8Mb and our boarder snort box (cel 2.x 256 M ram) was 
vary busy it has been upgraded to duel optrons and now screams

www.Astaro.com has a nice Snort setup have a look at them

Al Cooper wrote:
> There are only about 150 users so we are not talking about a lot of traffic.
> I would guess less than 5MB.
>
> -----Original Message-----
> From: jeffrey rivero [mailto:jeffr76 () yahoo com] 
> Sent: Thursday, October 18, 2007 9:35 AM
> To: Al Cooper
> Cc: security-basics () securityfocus com
> Subject: Re: IDS-IPS Recommendations
>
> how much traffic are we talking about
> ~2Mb+ ??
>
> Al Cooper wrote:
> > I am looking at installing an IDS or IPS system for a small company (150
> > computers) the is very security conscious.   Since I am very familiar with
> > Cisco am looking at a Cisco ASA5510 IPS edition.   
> >
> > What are your experiences with the 5510?  What are the real life good and
> > bad points of this system?
> >
> > What other systems should I consider?  
> >
> > My budget is $10.000.
> >
> > Thanks for your help,