Security Basics mailing list archives

RE: Network IDS

From: "Krueger, Brian" <krueger.b () portseattle org>
Date: Fri, 15 Aug 2003 15:42:52 -0700

You can still be 100% windows and use snort.  http://www.giac.org/practical/gsec/Jeff_Richard_GSEC.pdf has a good write 
up on how to setup snort and acid on windows using a mysql database. I've never used symantec but snort does an 
excellent Host-based intrusion detection.

Brian Krueger - CCNA

-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net]
Sent: Friday, August 15, 2003 10:30 AM
To: security-basics () securityfocus com
Subject: Network IDS

Hello,

I would like to thank in advance everyone who is out of the office.  I
really do like to hear about it.

The Network Administrator for the company I work for has charged me to
locate a Network Intrusion Detection System.  We do have a monitored
firewall between us and the outside world.  We need something to protect our
servers from anyone coming from the inside.  We have about 20 Windows 2000
Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.

We live in a 100% Windows world and the powers that be will not be receptive
to any *nix solutions.  We are more the willing to pay for a top of the line
product as long is it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device.  We like the
idea of a stand alone piece of hardware.  The only problem is we already
have a gateway server washing our email of viruses and 99% of Spam.

Does anyone have any comments on the Symantec Gateway device?  We have had
excellent experiences with there Gateway software and NAV Corp.  Does anyone
have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post.  I have learned a
great deal being on this list the last year and will continue to appreciate
all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: Network IDS, (continued)
- Re: Network IDS Logan Rogers-Follis - TNTNetworx.net (Aug 16)
  - Re: Network IDS Duston Sickler (Aug 16)
- Re: Network IDS Gabriel Orozco (Aug 16)
- Re: Network IDS cc (Aug 16)
- RE: Network IDS Stuart (Aug 16)
- Re: Network IDS Andy Cuff [talisker] (Aug 18)
- Re: Network IDS Lukas Sosnovec (Aug 18)
- Re: Network IDS Adam Newhard (Aug 18)
- Re: Network IDS Attila Nagy (Aug 22)
  - Re: Network IDS Gopinath (Aug 25)
- RE: Network IDS Krueger, Brian (Aug 16)
- Re: Network IDS Duston Sickler (Aug 16)
  - expert? (was: Re: Network IDS James W. Meritt (Aug 18)
  - Re: Network IDS Schneider Sebastian (Aug 18)
  - Re: Network IDS -SIMON- (Aug 27)
- RE: Network IDS McGill, Lachlan (Aug 18)
- RE: Network IDS Meidinger Chris (Aug 18)
- RE: Network IDS Dave Killion (Aug 26)