Internet security and scanning software recommendations

Posted on 2005-03-29
Medium Priority
Last Modified: 2013-12-04
We are currently looking at options for web traffic scanning and security.  We have tried an evaluation version of GFI and are currently attempting to evaluate Trend Micro's Internet Web Security Suite but have not been too pleased with it thus far.  We are currently looking at Symantec's Gateway Security as well.  Any information or offered opinion about this product or any other similar products would be greatly appreciated.
Question by:bpbarberhelp

Expert Comment

by:Rich Rumble
ID: 13658565
Snort first and foremost http://www.snort.org/ Demarc also makes a fine IDS product
GFI is great, Nessus I think is better but it's close... http://www.nessus.org/
Can't do anything without Nmap http://www.insecure.org/nmap/ 
This one is so so http://www.saintcorporation.com/ The Saint.

Are there more specific goals?


Expert Comment

ID: 13660483
One of the best suites of security products available today is from Kaspersky.

Have a look at www.kapersky.com


Author Comment

ID: 13661350
Rich and Graeme,

   Thank you for the response.  Rich, to answer your question "are there more specific goals?": Yes, we are currently set up behind an ISA 2004 Proxy/Firewall that is set up on an external domain and being used as a DMZ.  This ISA box is set up with a one-way (outgoing) non-transitive trust with our internal domain.  Ideally I would like a product that will scan all web traffic and downloads.  Should a download be blocked, I would like this software to query the LDAP/Active Directory and e-mail the user who was attempting to download the software to let them know that the download had been blocked.  That way, if the user determines the file to be necessary, they can contact the IT Dept and request that we retrieve the file for them.  If you are familiar with McAfee EPO, I am looking for functionality that is similar to the manner in which it handles e-mail attachments.

Accepted Solution

Rich Rumble earned 200 total points
ID: 13661462
Good, I was going to suggest McAfee. Snort can alert admins of activity that it gets triggered on; a script could look up the DNS name of the IP that triggered it, then possibly find out who is currently logged into that machine, and then poll AD for the email address if listed in the account info... Snort natively is passive: it doesn't block but only sniffs. Since version 2.3 came out it can be used inline to act as a dynamic firewall, but the potential for a DoS is pretty good. SnortSAM would be a better way to block upon an alert being triggered, as SnortSAM has self-DoS prevention methods that work well.

With a proxy you can get over some hurdles that commonly allow content to go unnoticed or unreadable, namely HTTPS traffic and content that is served via gzip (such as Yahoo message boards). You can set the proxy up to do the HTTPS between the site and itself, while the user gets HTTP traffic so it can be sniffed, or the proxy can be set up to inflate the gzip content so the HTTP traffic between the user and the proxy is uncompressed and easily sniffable. I'm not sure how to do this with ISA, but Squid does this very well.

Are you also looking to block/filter/alert website content? Such as porn, or other unsavory websites?
In addition, Snort can tell you if anyone is using Kazaa, LimeWire, Gnutella, BitTorrent, Napster or their ilk.
Some other tools we find indispensable are:
Cacti http://cacti.net/
Ntop http://www.ntop.org/overview.html
Nflow http://www.ntop.org/nFlow/
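
The lookup chain described in this answer (alert, then machine name, then logged-on user, then AD mail address), as an added example that is not part of the original post. It parses Snort fast-format alert lines; the sample alerts, the 10.0.0.0/8 internal range and the dictionaries standing in for reverse DNS, the logged-on-user query and the AD lookup are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, {proto}, src -> dst.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range

# Constructed sample alerts with local-rule SIDs (not from a real sensor).
SAMPLE_ALERTS = """\
03/29-14:02:11.120394  [**] [1:1000001:1] P2P BitTorrent traffic [**] [Priority: 1] {TCP} 10.1.2.34:3312 -> 203.0.113.9:6881
03/29-14:02:15.556102  [**] [1:1000001:1] P2P BitTorrent traffic [**] [Priority: 1] {TCP} 10.1.2.34:3313 -> 203.0.113.9:6881
03/29-14:07:40.001277  [**] [1:1000002:1] Executable download [**] [Priority: 2] {TCP} 198.51.100.20:80 -> 10.1.2.77:4021
03/29-14:09:02.310000  [**] [1:1000003:1] ICMP sweep [**] [Priority: 2] {ICMP} 198.51.100.5 -> 203.0.113.1
"""

# Constructed stand-ins for reverse DNS, the logged-on user and the AD mail attribute.
HOSTS = {"10.1.2.34": "ws-034.corp.example", "10.1.2.77": "ws-077.corp.example"}
LOGGED_ON = {"ws-034.corp.example": "jdoe"}  # nobody is logged on to ws-077
AD_MAIL = {"jdoe": "jdoe@corp.example"}


def internal_endpoint(src, dst):
    """Return whichever side of the flow is inside INTERNAL_NETS, else None."""
    for ip in (src, dst):
        if any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS):
            return ip
    return None


def build_notifications(alert_text, hosts=HOSTS, logged_on=LOGGED_ON, mail=AD_MAIL):
    """Group alerts by the user's mail address; the rest go to an admin queue."""
    per_user, unresolved = defaultdict(set), []
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # not a fast-format alert line
        ip = internal_endpoint(m["src"], m["dst"])
        addr = mail.get(logged_on.get(hosts.get(ip)))
        if addr:
            per_user[addr].add((m["sid"], m["msg"]))  # set drops repeated alerts
        else:
            unresolved.append((m["sid"], ip))  # no user found: admins follow up
    return {a: sorted(v) for a, v in per_user.items()}, unresolved


if __name__ == "__main__":
    print(build_notifications(SAMPLE_ALERTS))
```

In a deployment the three dictionaries would be replaced by real DNS, session and directory queries; alerts with no resolvable user are returned separately rather than dropped.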
