Full Disclosure mailing list archives
Re: Suggestion for IDS
From: Valdis.Kletnieks () vt edu
Date: Wed, 28 Sep 2005 05:31:43 -0400
On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:
Our company plan to install IDS to protect our resources, I'm already read about snort as NIDS, but, that's software based. I'm interesting with hardware based that will work transparently with our Cisco PIX, no need to make changes in our firewall. What's your suggestion.
Step 1: Learn that there's no *true* hardware-based solutions here. What you're really buying is a box with a CPU, some memory, a network interface or three, and some software. Many "hardware" IDS are in fact just Snort-in-a-box, or optimized-Snort-in-a-box. Others will be some other "software in a box". To understand why, consider why you can't get a high-speed line card from Cisco (which *are* lots of black-magic ASIC hardware) to do any significant filtering to the level that Snort inspects packets.... Step 2: An IDS doesn't *protect* your resources, any more than a concealed video surveillance camera protects anything. It may tell you who did it, and what they did, *after the fact*, but it won't *protect* you. (At least a *visible* video cam might make the malefactor think twice - but who *ever* has an IDS that's as visible as (say) the video cameras in a bank lobby??) :)
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Suggestion for IDS Fajar Edisya Putera (Sep 28)
- Re: Suggestion for IDS Valdis . Kletnieks (Sep 28)
- Re: Suggestion for IDS Peer Janssen (Sep 28)
- Re: Suggestion for IDS Valdis . Kletnieks (Sep 28)
- Re: Suggestion for IDS Michael Holstein (Sep 28)
- Re: Suggestion for IDS Joel Esler (Sep 28)
- Re: Suggestion for IDS Peer Janssen (Sep 28)
- Re: Suggestion for IDS Valdis . Kletnieks (Sep 28)
- Re: Suggestion for IDS Michael Holstein (Sep 28)
- Re: Suggestion for IDS Reto Inversini (Sep 28)
- RE: Suggestion for IDS Randall M (Sep 29)
- Re: Suggestion for IDS Paul Schmehl (Sep 28)
- Re: Suggestion for IDS Kevin Pawloski (Sep 28)
- Re: Suggestion for IDS Lew Wolfgang (Sep 28)
- Re: Suggestion for IDS Kevin Pawloski (Sep 28)