IDS mailing list archives
RE: Network IDS
From: <Robert.Lupo () nokia com>
Date: Tue, 19 Aug 2003 12:52:51 -0700
The question should not be so much what product you should buy, but can you properly do IDS? Let me explain. You can buy any device you want and it will be useless unless you know how to read dump files and analyze traffic. Vendor training on a product only teaches you how to use the product but not how to be an IDS analyst. I have seen time and time again people buying a product, getting vendor training and then viewing the logs and thinking "wo ho! I have IDS!" but do you know how to write your own rules, signatures, analyze the traffic for what your company needs? Before you go and buy any product, you should get yourself properly trained, then view the products and figure out what is going to best suit your needs. The SANS IDS course is very good and gives you a good head start in this. I'm not trying to put you down at all, so please forgive me if you got that impression. This situation happens to be a subject for a white paper I am writing. You will be doing your self and the company by buying a product with out truly knowing how IDS works. Now, if you happen to be an IDS specialist, my bad. If not, jump on the SANS page and look for the next class. It is a 6 day course and you will learn a lot. Robert J. Lupo -----Original Message----- From: ext Duston Sickler [mailto:dustons () charter net] Sent: Saturday, August 16, 2003 8:48 AM To: focus-ids () securityfocus com Subject: Network IDS Hello, I would like to thank in advance everyone who is out of the office. I really do like to hear about it. The Network Administrator for the company I work for has charged me to locate a Network Intrusion Detection System. We do have a monitored firewall between us and the outside world. We need something to protect our servers from anyone coming from the inside. We have about 20 Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations. We live in a 100% Windows world and the powers that be will not be receptive to any *nix solutions. We are more the willing to pay for a top of the line product as long is it is in fact top of the line. Currently I have been looking at the Symantec Gateway Device. We like the idea of a stand alone piece of hardware. The only problem is we already have a gateway server washing our email of viruses and 99% of Spam. Does anyone have any comments on the Symantec Gateway device? We have had excellent experiences with there Gateway software and NAV Corp. Does anyone have a different or better device that they could point me towards? I would like to thank everyone who replies to this post. I have learned a great deal being on this list the last year and will continue to appreciate all the expertise that is freely given here. Duston Sickler CompTIA A+ Certified "Cedo nulli." --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.captusnetworks.com/ads/31.htm --------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- Re: Network IDS, (continued)
- Re: Network IDS Barry Fitzgerald (Aug 25)
- Re: Network IDS Andreas Krennmair (Aug 26)
- Re: Network IDS Barry Fitzgerald (Aug 28)
- Re: Network IDS Frank Knobbe (Aug 28)
- Re: Network IDS Mark Teicher (Aug 28)
- Re: Network IDS Frank Knobbe (Aug 28)
- Re: Network IDS Andreas Krennmair (Aug 25)
- Re: Network IDS Barry Fitzgerald (Aug 26)
- Re: Network IDS Gary Flynn (Aug 21)
- RE: Network IDS Steffen Kluge (Aug 25)
- Re: Network IDS Joel Snyder (Aug 26)
- Re: Network IDS Andreas Krennmair (Aug 26)
- RE: Network IDS Frank Knobbe (Aug 28)
- RE: Network IDS Mark Teicher (Aug 28)