Solved

Intrusion Detection Systems

Posted on 2001-08-13
20
245 Views
Last Modified: 2010-04-11
Would anyone be willing to share there opinions or recommendations on an Intrusion Detection System?
0
Comment
Question by:vmorales
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 15
  • 4
20 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6381767
The leading Network IDS contenders are ISS RealSecure, Cisco Secure IDS, Symantec NetProwler, NFR, and Snort.  The leading Host IDS contenders are ISS RealSecure, Tripwire, Symenatec Intruder Alert, and PentaSafe.  (note, this is off the top of my head).

But, which of these products or combination of products is right for you depends on...

Whether you want Network IDS, Host IDS, or both.
How much money you have to spend.
How many network segements you want to sniff (NIDS).
How many hosts and what OS they are (HIDS).
Whether you want integration with some other bits like CheckPoint firewalls or Cisco routers.
0
 

Author Comment

by:vmorales
ID: 6381963
0
 

Author Comment

by:vmorales
ID: 6382118
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 

Author Comment

by:vmorales
ID: 6382126
0
 

Author Comment

by:vmorales
ID: 6382127
0
 

Author Comment

by:vmorales
ID: 6382141
0
 

Author Comment

by:vmorales
ID: 6382143
0
 

Author Comment

by:vmorales
ID: 6382146
0
 

Author Comment

by:vmorales
ID: 6382154
0
 

Author Comment

by:vmorales
ID: 6382235
0
 

Author Comment

by:vmorales
ID: 6382239
0
 

Author Comment

by:vmorales
ID: 6382243
0
 
LVL 3

Expert Comment

by:erikdr
ID: 6383405
Look at www.networkcomputing.com.

They very recently (now on homepage) did an extensive 10-brand test of ISS systems in a real lab. And managed e.g. to blow up eTrust (it required 4,000 times the power of one Pentium III to monitor their nodes) and Symantec NetProwler (could only handle 1 subnet). Top came out Enterasys and Cisco.

Hope this helps,

<Erik> - The Netherlands
0
 

Author Comment

by:vmorales
ID: 6384404
I basically need as system that would sit between the router and the firewall that can support reporting, paging, etc. Network IDS would seem to be the solution here. How much money? Free or less than $10,000
0
 

Author Comment

by:vmorales
ID: 6384410
I have been looking at Shadow and Dragon. I curious if Shadow can be deployed on an OpenBSD box?
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6384415
Given the small network infrastructure and the low budget, you're probably best off going with Snort (which is free) if you have the *nix expertise to use it properly.  Otherwise look at Symantec NetProwler, which runs on NT.
0
 

Author Comment

by:vmorales
ID: 6384439
Chris,

We have also looked at Snort. I am curious as to your opinion of Shadow and Dragon. And why Snort over Shadow and Dragon. "No pun intended" :)
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 50 total points
ID: 6384473
Snort seems to be getting the most mind-share these days and therefore has the best ancilliary tools and signature database.

Dragon is not too far behind, though.

Shadow seems like it's pretty dead at this point, since all the Shadow folks from the old Shadow team at Naval Surface Warfare Center are now working either for Cisco or the SANS Institute.
0
 

Author Comment

by:vmorales
ID: 6384523
Will snort run on an OpenBSD box?
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6384558
Yes.  My office mate runs it on OpenBSD and claims it runs best there.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
security group 2 39
Barracuda WAF Training? 2 69
Dropbox phishing tutorial 5 69
where to get up-to-minute Microsoft security news 2 38
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question