Security Basics mailing list archives

RE: Network IDS


From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 18 Aug 2003 11:54:32 +0100

Hello Duston,

stop by your local (used) bookstore and compare Stephen Northcutt's
definitive Book 'Network Intrusion Detection: An Analyst's Handbook' in
Versions 1, 2 and 3. You will notice his switch from identifying snort as an
option, to mentioning it prominently, to using it as a basis for almost all
of his examples. At the moment the IDS sector is burping generally because
snort is so good that the commercial products are having a hard time keeping
up. Also the signature base is larger and better than that of any single
commercial vendor.

As far as the no support issue, I am aware of it. Many businesses that I
have dealt with have similar 'problems' or at least we can call them
hang-ups. One argument I have used successfully is this: open source software
is cheaper to deploy so that you can use the money it would cost to pay
support and licensing fees to hire a freelance programmer for a month or two
to rewrite the software to fit your needs if you have problems. 

PS: I have lost the URL, but Marty Roesch, the author of snort, has a
consulting business. I am not sure if they are 'supporting' snort, but it
would be worth a check.

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg
Germany

-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net]
Sent: Friday, August 15, 2003 7:30 PM
To: security-basics () securityfocus com
Subject: Network IDS


Hello,

I would like to thank in advance everyone who is out of the office.  I
really do like to hear about it.

The Network Administrator for the company I work for has charged me to
locate a Network Intrusion Detection System.  We do have a monitored
firewall between us and the outside world.  We need something to protect our
servers from anyone coming from the inside.  We have about 20 Windows 2000
Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.

We live in a 100% Windows world and the powers that be will not be receptive
to any *nix solutions.  We are more than willing to pay for a top of the line
product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device.  We like the
idea of a stand alone piece of hardware.  The only problem is we already
have a gateway server washing our email of viruses and 99% of Spam.

Does anyone have any comments on the Symantec Gateway device?  We have had
excellent experiences with their Gateway software and NAV Corp.  Does anyone
have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post.  I have learned a
great deal being on this list the last year and will continue to appreciate
all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."

