Solved

Intrusion Detection Systems

Posted on 2001-08-13
20
238 Views
Last Modified: 2010-04-11
Would anyone be willing to share there opinions or recommendations on an Intrusion Detection System?
0
Comment
Question by:vmorales
  • 15
  • 4
20 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
The leading Network IDS contenders are ISS RealSecure, Cisco Secure IDS, Symantec NetProwler, NFR, and Snort.  The leading Host IDS contenders are ISS RealSecure, Tripwire, Symenatec Intruder Alert, and PentaSafe.  (note, this is off the top of my head).

But, which of these products or combination of products is right for you depends on...

Whether you want Network IDS, Host IDS, or both.
How much money you have to spend.
How many network segements you want to sniff (NIDS).
How many hosts and what OS they are (HIDS).
Whether you want integration with some other bits like CheckPoint firewalls or Cisco routers.
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:vmorales
Comment Utility
0
 

Author Comment

by:vmorales
Comment Utility
0
 
LVL 3

Expert Comment

by:erikdr
Comment Utility
Look at www.networkcomputing.com.

They very recently (now on homepage) did an extensive 10-brand test of ISS systems in a real lab. And managed e.g. to blow up eTrust (it required 4,000 times the power of one Pentium III to monitor their nodes) and Symantec NetProwler (could only handle 1 subnet). Top came out Enterasys and Cisco.

Hope this helps,

<Erik> - The Netherlands
0
 

Author Comment

by:vmorales
Comment Utility
I basically need as system that would sit between the router and the firewall that can support reporting, paging, etc. Network IDS would seem to be the solution here. How much money? Free or less than $10,000
0
 

Author Comment

by:vmorales
Comment Utility
I have been looking at Shadow and Dragon. I curious if Shadow can be deployed on an OpenBSD box?
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Given the small network infrastructure and the low budget, you're probably best off going with Snort (which is free) if you have the *nix expertise to use it properly.  Otherwise look at Symantec NetProwler, which runs on NT.
0
 

Author Comment

by:vmorales
Comment Utility
Chris,

We have also looked at Snort. I am curious as to your opinion of Shadow and Dragon. And why Snort over Shadow and Dragon. "No pun intended" :)
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 50 total points
Comment Utility
Snort seems to be getting the most mind-share these days and therefore has the best ancilliary tools and signature database.

Dragon is not too far behind, though.

Shadow seems like it's pretty dead at this point, since all the Shadow folks from the old Shadow team at Naval Surface Warfare Center are now working either for Cisco or the SANS Institute.
0
 

Author Comment

by:vmorales
Comment Utility
Will snort run on an OpenBSD box?
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Yes.  My office mate runs it on OpenBSD and claims it runs best there.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now