Security Basics mailing list archives

Re: Network IDS

From: "Duston Sickler" <dustons () charter net>
Date: Sat, 16 Aug 2003 14:17:23 -0500

Snort was my first recommendation.  However the Network Administrator is of
the attitude that free software = cheap or lower class software.  He also
didn't like the fact the there was no tech support we could call.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."
----- Original Message ----- 
From: "smyrum" <smyrum () bresnan net>
To: "'Duston Sickler'" <dustons () charter net>
Sent: Saturday, August 16, 2003 12:05 PM
Subject: RE: Network IDS

Not certain if you consider Snort with an ACID interface to be a *nix
solution.  It does work the work it's intended to do with a great deal
of flexibility on the user's part.  Packet sniffing can be tuned to suit
your needs.  We use it on a Class B network and I doubt that you could
find a better product.  It is not a plug and play solution, but neither
is network security.

-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net]
Sent: Friday, August 15, 2003 11:30 AM
To: security-basics () securityfocus com
Subject: Network IDS

Hello,

I would like to thank in advance everyone who is out of the office.  I
really do like to hear about it.

The Network Administrator for the company I work for has charged me to
locate a Network Intrusion Detection System.  We do have a monitored
firewall between us and the outside world.  We need something to protect
our
servers from anyone coming from the inside.  We have about 20 Windows
2000
Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.

We live in a 100% Windows world and the powers that be will not be
receptive
to any *nix solutions.  We are more the willing to pay for a top of the
line
product as long is it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device.  We like
the
idea of a stand alone piece of hardware.  The only problem is we already
have a gateway server washing our email of viruses and 99% of Spam.

Does anyone have any comments on the Symantec Gateway device?  We have
had
excellent experiences with there Gateway software and NAV Corp.  Does
anyone
have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post.  I have learned
a
great deal being on this list the last year and will continue to
appreciate
all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 8/14/2003


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 8/14/2003



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: Network IDS, (continued)
- - Re: Network IDS Duston Sickler (Aug 16)
- Re: Network IDS Gabriel Orozco (Aug 16)
- Re: Network IDS cc (Aug 16)
- RE: Network IDS Stuart (Aug 16)
- Re: Network IDS Andy Cuff [talisker] (Aug 18)
- Re: Network IDS Lukas Sosnovec (Aug 18)
- Re: Network IDS Adam Newhard (Aug 18)
- Re: Network IDS Attila Nagy (Aug 22)
  - Re: Network IDS Gopinath (Aug 25)
- RE: Network IDS Krueger, Brian (Aug 16)
- Re: Network IDS Duston Sickler (Aug 16)
  - expert? (was: Re: Network IDS James W. Meritt (Aug 18)
  - Re: Network IDS Schneider Sebastian (Aug 18)
  - Re: Network IDS -SIMON- (Aug 27)
- RE: Network IDS McGill, Lachlan (Aug 18)
- RE: Network IDS Meidinger Chris (Aug 18)
- RE: Network IDS Dave Killion (Aug 26)