Educause Security Discussion mailing list archives
Re: Intrusion Detection Recommendations
From: James Riden <j.riden () MASSEY AC NZ>
Date: Wed, 10 Aug 2005 09:03:06 +1200
Mike Radomski <Mike.Radomski () ITEC SUNY EDU> writes:
Hello,
We are currently looking at different alternatives to our Snort implementation for an IDS. We currently run Snort+ACID on a SPAN port. It works well, but we would like a more robust system that is capable of anomaly detection, flow analysis, etc. I am wondering what everyone uses for IDS/IPS? Do you use a combination of open source tools, a commercial software solution, or a commercial hardware solution? What are the advantages of your implementation? Disadvantages? Thanks!
We're using a couple of snort sensors and a BASE console - BASE is an actively maintained fork of ACID. I'm guessing you know the advantages and disadvantages of this situation - very good if properly tuned, but rule maintenance and customisation can be a bit of an issue. Wading through the alerts can be a bit of a chore as well.

For the future we're thinking about Juniper's ISG2000 IPS product and we're looking at a trial of Sourcefire's RNA appliances. RNA should enable us to prioritise alerts much better and also keep an eye on services popping up where they shouldn't be.

cheers,
Jamie

--
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/