Security Basics mailing list archives

RE: Network IDS


From: Dave Killion <Dkillion () netscreen com>
Date: Mon, 25 Aug 2003 10:03:14 -0700

<Disclaimer>I work for NetScreen</Disclaimer>

Not entirely true, Nagy - Cisco PIX is a custom kernel based on a flavor
of BSD, if I recall correctly, which apparently is not appropriate for
their environment (no Unix).

And the aforementioned SonicWall doesn't do IDS.

NetScreen firewalls are a great solution, but the current version
doesn't do full IDS.  NetScreen has an incredible inline-IDS (we call it
the "IDP" = Intrusion Detection and Prevention) but it's a POSIX-based
system (closed source = all patches from us), so it also may not be
appropriate for Duston's environment.

I'd say running the same OS for your firewall as your desktop machines
may be a narrow way of thinking - if any vulnerability affects your
desktops, that same vulnerability could also affect your firewall.  I
understand the business sense of it = less IT guys with less skill sets.
But the idea of putting all your eggs in one basket is also a well-known
business no-no.

There's been recent discussion on the consequences of homogeneous
networks versus heterogeneous networks on some of the 'advanced' mail
lists that you might want to check out.

Anyhow, good luck Duston!

I hope this information is helpful, 

Dave Killion 
Senior Security Engineer 
Security Group, NetScreen Technologies, Inc.



-----Original Message-----
From: Attila Nagy [mailto:nagya () omikron hu]
Sent: Friday, August 22, 2003 12:29 AM
To: Duston Sickler
Cc: security-basics () securityfocus com
Subject: Re: Network IDS


Hello,

I'm using cisco products: Cisco Secure PIX firewall and Cisco Secure
Intrusion Detection System. Both of them are hardware solutions.

nagy(A)


On Fri, 2003-08-15, Duston Sickler wrote:
Hello,

I would like to thank in advance everyone who is out of the office.  I
really do like to hear about it.

The Network Administrator for the company I work for has charged me to
locate a Network Intrusion Detection System.  We do have a monitored
firewall between us and the outside world.  We need something to protect
our servers from anyone coming from the inside.  We have about 20 Windows
2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.

We live in a 100% Windows world and the powers that be will not be
receptive to any *nix solutions.  We are more than willing to pay for a
top of the line product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device.  We like
the idea of a stand-alone piece of hardware.  The only problem is we
already have a gateway server washing our email of viruses and 99% of
Spam.

Does anyone have any comments on the Symantec Gateway device?  We have
had excellent experiences with their Gateway software and NAV Corp.  Does
anyone have a different or better device that they could point me
towards?

I would like to thank everyone who replies to this post.  I have learned
a great deal being on this list the last year and will continue to
appreciate all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."


