Educause Security Discussion mailing list archives

Re: Intrusion Detection Recommendations


From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 12 Aug 2005 10:09:29 -0400

Mike Radomski wrote:

Hello,
We are currently looking at different alternatives to our Snort
implementation for an IDS.  We currently run Snort+ACID on a SPAN port.
It works well, but would like a more robust system that is capable of
anomaly detection, flow analysis, etc.  I am wondering what everyone
uses for IDS/IPS?  Do you use a combination of open source tools, a
commercial software solution, or a commercial hardware solution?  What
are the advantages of your implementation?  Disadvantages?

We installed Netscreen/Juniper IDPs 16 months ago on
our Internet border and have been very happy with the
functionality they provide. It is so much more
efficient to have recognized attacks (IE exploits,
IM exploits, IIS exploits, etc.) stopped at the border
rather than just being reported to us.

--
Gary Flynn
Security Engineer
James Madison University
