
Intrusion Detection Systems

Would anyone be willing to share their opinions or recommendations on an Intrusion Detection System?
Asked by: vmorales
 
chris_calabrese Commented:
The leading Network IDS contenders are ISS RealSecure, Cisco Secure IDS, Symantec NetProwler, NFR, and Snort.  The leading Host IDS contenders are ISS RealSecure, Tripwire, Symantec Intruder Alert, and PentaSafe.  (Note: this is off the top of my head.)

But, which of these products or combination of products is right for you depends on...

Whether you want Network IDS, Host IDS, or both.
How much money you have to spend.
How many network segments you want to sniff (NIDS).
How many hosts and what OS they are (HIDS).
Whether you want integration with some other bits like CheckPoint firewalls or Cisco routers.
 
erikdr Commented:
Look at www.networkcomputing.com.

They very recently (now on homepage) did an extensive 10-brand test of ISS systems in a real lab. And managed e.g. to blow up eTrust (it required 4,000 times the power of one Pentium III to monitor their nodes) and Symantec NetProwler (could only handle 1 subnet). Top came out Enterasys and Cisco.

Hope this helps,

<Erik> - The Netherlands
 
vmorales Author Commented:
I basically need a system that would sit between the router and the firewall that can support reporting, paging, etc. Network IDS would seem to be the solution here. How much money? Free or less than $10,000.
 
vmorales Author Commented:
I have been looking at Shadow and Dragon. I am curious if Shadow can be deployed on an OpenBSD box?
 
chris_calabrese Commented:
Given the small network infrastructure and the low budget, you're probably best off going with Snort (which is free) if you have the *nix expertise to use it properly.  Otherwise look at Symantec NetProwler, which runs on NT.
 
vmorales Author Commented:
Chris,

We have also looked at Snort. I am curious as to your opinion of Shadow and Dragon. And why Snort over Shadow and Dragon? "No pun intended" :)
 
chris_calabrese Commented:
Snort seems to be getting the most mind-share these days and therefore has the best ancillary tools and signature database.

Dragon is not too far behind, though.

Shadow seems like it's pretty dead at this point, since all the Shadow folks from the old Shadow team at Naval Surface Warfare Center are now working either for Cisco or the SANS Institute.
 
vmorales Author Commented:
Will Snort run on an OpenBSD box?
 
chris_calabrese Commented:
Yes.  My office mate runs it on OpenBSD and claims it runs best there.