IDS mailing list archives

RE: Network IDS


From: "Fergus Brooks" <fergusb () evolve-online com>
Date: Wed, 20 Aug 2003 12:04:04 +0800


Big brother is watching so I'll be careful.

I have had a fair amount of exposure to the Symantec Gateway Security
boxes and can offer a few comments.

The SGS is a combination of Raptor firewall (Symantec Enterprise
Firewall), gateway AV scanner and signature-based Network IDS with some
content filtering as well.

It runs on hardened Linux but is sold as an appliance - there is a VT100
terminal as part of the console, and though you shouldn't have to access
that, advanced troubleshooting may require access to the
operating system.

Unfortunately I have found the IDS to be fairly token. I believe there
are only around 1000 sigs and the updates are not that frequent. It is
certainly not in the league of Symantec's own enterprise NIDS Manhunt.
It really is a value add to the Raptor firewall, which is an excellent
application-layer firewall and also the Norton gateway AV is top notch.

I do think it is a great solution for smaller size businesses - it is
certainly very easy to manage and configure. I have heard there are some
enterprise-capable boxes on the way. They also ship with Rainwall
clustering/HA (at an extra cost of course!) so they can scale etc.

So in summary if you are *only looking for an IDS* then the SGS is not
for you. It is a good all-in-one solution. I don't know too much about
Windows IDS systems so I'll leave the recommendations to others on this
list.

Rgds...


-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net] 
Sent: Saturday, 16 August 2003 11:48 PM
To: focus-ids () securityfocus com
Subject: Network IDS


Hello,

I would like to thank in advance everyone who is out of the office.  I
really do like to hear about it.

The Network Administrator for the company I work for has charged me to
locate a Network Intrusion Detection System.  We do have a monitored
firewall between us and the outside world.  We need something to protect
our servers from anyone coming from the inside.  We have about 20
Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net
workstations.

We live in a 100% Windows world and the powers that be will not be
receptive to any *nix solutions.  We are more than willing to pay for a
top of the line product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device.  We like
the idea of a stand alone piece of hardware.  The only problem is we
already have a gateway server washing our email of viruses and 99% of
Spam.

Does anyone have any comments on the Symantec Gateway device?  We have
had excellent experiences with their Gateway software and NAV Corp.
Does anyone have a different or better device that they could point me
towards?

I would like to thank everyone who replies to this post.  I have learned
a great deal being on this list the last year and will continue to
appreciate all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."

