Security Basics mailing list archives
RE: Network IDS
From: Dave Killion <Dkillion () netscreen com>
Date: Mon, 25 Aug 2003 10:03:14 -0700
<Disclaimer>I work for NetScreen</Disclaimer>

Not entirely true, Nagy - Cisco PIX is a custom kernel based on a flavor of BSD, if I recall correctly, which apparently is not appropriate for their environment (no Unix). And the aforementioned SonicWall doesn't do IDS.

NetScreen firewalls are a great solution, but the current version doesn't do full IDS. NetScreen has an incredible inline-IDS (we call it the "IDP" = Intrusion Detection and Prevention) but it's a POSIX-based system (closed source = all patches from us), so it also may not be appropriate for Duston's environment.

I'd say running the same OS for your firewall as your desktop machines may be a narrow way of thinking - if any vulnerability affects your desktops, that same vulnerability could also affect your firewall. I understand the business sense of it = less IT guys with less skill sets. But the idea of putting all your eggs in one basket is also a well-known business no-no.

There's been recent discussion on the consequences of homogeneous networks versus heterogeneous networks on some of the 'advanced' mail lists that you might want to check out.

Anyhow, good luck Duston!

I hope this information is helpful,

Dave Killion
Senior Security Engineer
Security Group, NetScreen Technologies, Inc.

-----Original Message-----
From: Attila Nagy [mailto:nagya () omikron hu]
Sent: Friday, August 22, 2003 12:29 AM
To: Duston Sickler
Cc: security-basics () securityfocus com
Subject: Re: Network IDS

Hello,

I'm using cisco products: Cisco Secure PIX firewall and Cisco Secure Intrusion Detection System. Both of them are hardware solutions.

nagy(A)

On Fri, 2003-08-15, Duston Sickler wrote:
Hello,

I would like to thank in advance everyone who is out of the office. I really do like to hear about it.

The Network Administrator for the company I work for has charged me to locate a Network Intrusion Detection System. We do have a monitored firewall between us and the outside world. We need something to protect our servers from anyone coming from the inside. We have about 20 Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.

We live in a 100% Windows world and the powers that be will not be receptive to any *nix solutions. We are more than willing to pay for a top of the line product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device. We like the idea of a stand alone piece of hardware. The only problem is we already have a gateway server washing our email of viruses and 99% of Spam.

Does anyone have any comments on the Symantec Gateway device? We have had excellent experiences with their Gateway software and NAV Corp. Does anyone have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post. I have learned a great deal being on this list the last year and will continue to appreciate all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."