IDS mailing list archives

RE: Network IDS


From: "Terry Ziemniak" <tmz () hawk swc com>
Date: Tue, 19 Aug 2003 10:42:55 -0500

Duston,

I am personally a fan of both Symantec's firewall offerings (SEF & SGS)
as well as their NIDS (Manhunt).  However be warned that SGS' NIDS is
not Manhunt.  It is a signature based NIDS.  Manhunt's capabilities come
from the fact that it detects protocol anomalies versus strictly
signature based analysis (and is itself arguably 'top of the line').

SGS NIDS capabilities may be sufficient for some, but I would not state
that it is top of the line.  SGS' advantage is good products, easy
management, and economies of scale.  On that note, SGS' anti-virus and
content filtering offerings are pretty good (basically NAV and
WebSecurity slapped on the box).

Also, I am pretty sure that you have to license the whole bundle (FW,
AV, NIDS and content filtering).  This is a silly licensing scheme that
I hope Symantec will change soon.

PS - I gave the product names where applicable so you can look up
details on Symantec's web site if you are interested in more details.

Terry

-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net] 
Sent: Saturday, August 16, 2003 10:48 AM
To: focus-ids () securityfocus com
Subject: Network IDS

Hello,

I would like to thank in advance everyone who is out of the office.  I
really do like to hear about it.

The Network Administrator for the company I work for has charged me to
locate a Network Intrusion Detection System.  We do have a monitored
firewall between us and the outside world.  We need something to protect
our servers from anyone coming from the inside.  We have about 20 Windows
2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.

We live in a 100% Windows world and the powers that be will not be
receptive to any *nix solutions.  We are more than willing to pay for a
top of the line product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device.  We like
the idea of a stand alone piece of hardware.  The only problem is we
already have a gateway server washing our email of viruses and 99% of Spam.

Does anyone have any comments on the Symantec Gateway device?  We have
had excellent experiences with their Gateway software and NAV Corp.  Does
anyone have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post.  I have learned
a great deal being on this list the last year and will continue to
appreciate all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."

