IDS mailing list archives
RE: Network IDS
From: "Zach Forsyth" <Zach.Forsyth () kiandra com>
Date: Fri, 22 Aug 2003 10:29:38 +1000
Yeah a NID does nothing to help you protect your systems... DMZ and locked down network services are all you need and will protect you against everything... What sage advice, maybe you should install zone alarm on all the systems as well. DMZ and lockdown is a single stage, in what I would hope is a much broader strategy.

Duston,

For your particular situation I would look into deploying a NID at the gateway, that will be able to inspect all of the traffic flows that are important to you. I personally enjoy deploying snort, and believe it is a very capable system that can be tuned and configured to do amazing things for an open source product. May not be for you as I found the windows version is not as nice to play with as the *nix versions. Never did quite work out how to see how many packets snort was dropping (or not) under windows.

Out of the NIDS based products I like Enterasys Dragon based systems, and would happily recommend them.

Then I would look into deploying a HID based technology to really protect anything deemed highly critical to your business. I have had some fun with Okena StormWatch and would recommend that. It has now been purchased by Cisco and has been renamed Cisco Security Agent. The server agents are easily tuned to quite complex systems, and all management is handled centrally by one management console.

Another NID of interest may be Entercept, but I gave up on them after having no luck getting decent communication with anyone there.

Definitely get out there and evaluate as many technologies as possible.

These are all just my humble opinion and I am sure a great many people will disagree with something I have said. Bit like Andreas' email.

Good luck with your search.

Zach

-----Original Message-----
From: Andreas Krennmair [mailto:netnews () synflood at]
Sent: Wednesday, 20 August 2003 5:03 AM
To: focus-ids () securityfocus com
Subject: Re: Network IDS

* Duston Sickler <dustons () charter net> [gmane.comp.security.ids]:
The Network Administrator for the company I work for has charged me to locate a Network Intrusion Detection System. We do have a monitored firewall between us and the outside world. We need something to protect our servers from anyone coming from the inside.
Then a NIDS is not the right thing for you. Network Intrusion Detection is not about protecting systems.
We have about 20 Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.
Put the servers into a demilitarized zone and turn off any network services that are running on the workstations/thin clients.

regards,
ak

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6. Visit: www.blackhat.com
---------------------------------------------------------------------------