Re: IDS ISS

["David DiGennaro" <DDiGennaro () BostonFinancial com>]

        I implemented just 1 network sensor for ISS Real Secure at a major pediatric facility due to budgetary 
constraints. While it can be done I would not recommend it especially if you have a large complex network. At the very 
least you should deploy some HIDS with it for some added protection. I was required to deploy a Snort server on the 
research side of the network because it was "free". We implemented a centralized log server and parsed the logs since 
we were using a combination of products.
We then had the alerts sent out to a Blackberry unit that was carried by the on-call person.

                                                        D.DiGennaro


                                                        
--------------------------------------------------------------------------------------------------------------------
IMPORTANT NOTICE.  The information contained in this electronic message and any attachments to this message are 
intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are 
not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, 
you are hereby notified that you received this communication in error.  Any review, dissemination, distribution or 
copying of this communication is strictly prohibited.  If you receive this communication in error please send a return 
e-mail, and then delete this message, together with any attachments.  Thank you. 


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------