Educause Security Discussion mailing list archives
Re: Intrusion Detection Recommendations
From: Gary Dobbins <dobbins () ND EDU>
Date: Tue, 9 Aug 2005 08:30:55 -0500
Rather than ACID (which has apparently fallen out of active maint) we now manage our array or SNORTia with a combination of BASE and Aanval. The former is at no charge, while there is a license required for the latter.

Contact me off-list and I'll put you in touch with our engineer who's in charge of the array if you wish more details.

Cebulski, John wrote:

I would also suggest that you look at the Intrushield solution by McAfee.

------------------------------------------------------------------------
*From:* Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU]
*Sent:* Tuesday, August 09, 2005 8:18 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Intrusion Detection Recommendations

We've been looking at Top Layer as an IPS and will be looking at Securiant.

-----Original Message-----
*From:* Mike Radomski [mailto:Mike.Radomski () ITEC SUNY EDU]
*Sent:* Tuesday, August 09, 2005 9:10 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Intrusion Detection Recommendations

Hello,

We are currently looking at different alternatives to our Snort implementation for an IDS. We currently run Snort+ACID on a SPAN port. It works well, but would like a more robust system that is capable of anomaly detection, flow analysis, etc.

I am wondering what everyone uses for IDS/IPS? Do you use a combination of open source tools, a commercial software solution, or a commercial hardware solution? What are the advantages of your implementation? Disadvantages?

Thanks!

--
Mike Radomski
SUNY - ITEC
Information Technology Exchange Center
Systems Programmer/Analyst
E-mail: Mike.Radomski () itec suny edu
Systems E-Mail: scsys () itec suny edu
Phone: (716)878-4832
Cellular: (716)807-4040
Fax: (716)878-3485
PGP Public Key: http://www2.itec.suny.edu/~radomsmj/mradomski.asc

There are only 10 types of people... Those who understand binary and those who don't.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.

--
------------------------------------------------------------
Gary Dobbins, CISSP -- Director, Information Security
University of Notre Dame, Office of Information Technologies