Security Basics mailing list archives

Re: Network IDS

From: -SIMON- <simon () snosoft com>
Date: Tue, 26 Aug 2003 15:45:22 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is an article that I wrote for masshightech regarding network basedintrusion detection systems. It outlines in very high level what theissues are but doesn't get too technical. I'd like to know what peoplethink about the article, and I do realize that its got marketingmaterials in it... thank you marketing staff... but the content is, inmy opinion still fairly reasonable and a good read for starters.


http://www.masshightech.com/displayarticledetail.asp?art_id=63368&cat_id=


Duston Sickler wrote:

Snort was my first recommendation.  However the Network Administrator is of
the attitude that free software = cheap or lower class software.  He also
didn't like the fact the there was no tech support we could call.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."

----- Original Message -----From: "smyrum" <smyrum () bresnan net>

To: "'Duston Sickler'" <dustons () charter net>
Sent: Saturday, August 16, 2003 12:05 PM
Subject: RE: Network IDS

Not certain if you consider Snort with an ACID interface to be a *nix
solution.  It does work the work it's intended to do with a great deal
of flexibility on the user's part.  Packet sniffing can be tuned to suit
your needs.  We use it on a Class B network and I doubt that you could
find a better product.  It is not a plug and play solution, but neither
is network security.

-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net]
Sent: Friday, August 15, 2003 11:30 AM
To: security-basics () securityfocus com
Subject: Network IDS

Hello,

I would like to thank in advance everyone who is out of the office.  I
really do like to hear about it.

The Network Administrator for the company I work for has charged me to
locate a Network Intrusion Detection System.  We do have a monitored
firewall between us and the outside world.  We need something to protect
our
servers from anyone coming from the inside.  We have about 20 Windows
2000
Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.

We live in a 100% Windows world and the powers that be will not be
receptive
to any *nix solutions.  We are more the willing to pay for a top of the
line
product as long is it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device.  We like
the
idea of a stand alone piece of hardware.  The only problem is we already
have a gateway server washing our email of viruses and 99% of Spam.

Does anyone have any comments on the Symantec Gateway device?  We have
had
excellent experiences with there Gateway software and NAV Corp.  Does
anyone
have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post.  I have learned
a
great deal being on this list the last year and will continue to
appreciate
all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 8/14/2003


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 8/14/2003




---------------------------------------------------------------------------
----------------------------------------------------------------------------

- --

- -simon-

         Tibetan "Book of the Dead," ca. 4000 BC.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/S7jSf3Elv1PhzXgRAlVpAKCj7G3seqeXcr2wiQJySQf/OpPIMACeJ3nN
xA0vzAYRRAtVmah8bL5mCcA=
=6zjr
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------

Attend Black Hat Briefings & Training Federal, September 29-30 (Training),October 1-2 (Briefings) in Tysons Corner, VA; the world's premiertechnical IT security event. Modeled after the famous Black Hat event inLas Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com

----------------------------------------------------------------------------

Current thread:

RE: Network IDS, (continued)
- RE: Network IDS Stuart (Aug 16)
- Re: Network IDS Andy Cuff [talisker] (Aug 18)
- Re: Network IDS Lukas Sosnovec (Aug 18)
- Re: Network IDS Adam Newhard (Aug 18)
- Re: Network IDS Attila Nagy (Aug 22)
  - Re: Network IDS Gopinath (Aug 25)
- RE: Network IDS Krueger, Brian (Aug 16)
- Re: Network IDS Duston Sickler (Aug 16)
  - expert? (was: Re: Network IDS James W. Meritt (Aug 18)
  - Re: Network IDS Schneider Sebastian (Aug 18)
  - Re: Network IDS -SIMON- (Aug 27)
- RE: Network IDS McGill, Lachlan (Aug 18)
- RE: Network IDS Meidinger Chris (Aug 18)
- RE: Network IDS Dave Killion (Aug 26)