Re: Network IDS

[José Joaquín <jostein_svq () hotmail com>]

Hi there!

Have a look at ISS products: network sensor and 'new-brand' proventia 
(www.iss.net). It may help you to decide that we are already using an ISS 
solution to protect our network from the outside world since a year ago, and 
it really works.

Taking into account your starting point,I reccomend you to install a network 
sensor on a dedicated Windows NT/2000 (if it is the only sensor, you can 
install all architectural components on it) with 2 NIC's: one attached to 
your inside network (for managing purposes) and the other one sniffing the 
traffic (in stealth mode) in front of your firewall.

Kind regards,
Jose Joaquin.



> From: "Duston Sickler" <dustons () charter net>
> To: <focus-ids () securityfocus com>
> Subject: Network IDS
> Date: Sat, 16 Aug 2003 10:48:02 -0500
>
> Hello,
>
> I would like to thank in advance everyone who is out of the office.  I
> really do like to hear about it.
>
> The Network Administrator for the company I work for has charged me to
> locate a Network Intrusion Detection System.  We do have a monitored
> firewall between us and the outside world.  We need something to protect 
> our
> servers from anyone coming from the inside.  We have about 20 Windows 2000
> Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.
>
> We live in a 100% Windows world and the powers that be will not be 
> receptive
> to any *nix solutions.  We are more the willing to pay for a top of the 
> line
> product as long is it is in fact top of the line.
>
> Currently I have been looking at the Symantec Gateway Device.  We like the
> idea of a stand alone piece of hardware.  The only problem is we already
> have a gateway server washing our email of viruses and 99% of Spam.
>
> Does anyone have any comments on the Symantec Gateway device?  We have had
> excellent experiences with there Gateway software and NAV Corp.  Does 
> anyone
> have a different or better device that they could point me towards?
>
> I would like to thank everyone who replies to this post.  I have learned a
> great deal being on this list the last year and will continue to appreciate
> all the expertise that is freely given here.
>
> Duston Sickler
> CompTIA A+ Certified
> "Cedo nulli."
>
>
> ---------------------------------------------------------------------------
> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Automatically Control P2P, IM and Spam Traffic
>  - Ensure Reliable Performance of Mission Critical Applications
> Precisely Define and Implement Network Security and Performance Policies
> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> Visit us at: http://www.captusnetworks.com/ads/31.htm
> ---------------------------------------------------------------------------

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger:  
http://messenger.microsoft.com/es


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world’s premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symanetc is the Diamond sponsor.  Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------