Re: Suggestion for IDS

[Valdis.Kletnieks () vt edu]

On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:

> Our company plan to install IDS to protect our resources, I'm already read
> about snort as NIDS, but, that's software based. I'm interesting with
> hardware based that will work transparently with our Cisco PIX, no need to
> make changes in our firewall. What's your suggestion.

Step 1: Learn that there's no *true* hardware-based solutions here.  What you're
really buying is a box with a CPU, some memory, a network interface or three,
and some software.  Many "hardware" IDS are in fact just Snort-in-a-box, or
optimized-Snort-in-a-box.  Others will be some other "software in a box".

To understand why, consider why you can't get a high-speed line card from Cisco
(which *are* lots of black-magic ASIC hardware) to do any significant filtering
to the level that Snort inspects packets....

Step 2:  An IDS doesn't *protect* your resources, any more than a concealed
video surveillance camera protects anything.  It may tell you who did it, and
what they did, *after the fact*, but it won't *protect* you. (At least a
*visible* video cam might make the malefactor think twice - but who *ever*
has an IDS that's as visible as (say) the video cameras in a bank lobby??) :)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/