Internet security and scanning software recommendations

Posted on 2005-03-29
Medium Priority
Last Modified: 2013-12-04
We are currently looking at options for web traffic scanning and security.  We have tried an evaluation version of GFI and are currently attempting to evaluate Trend Micro's Internet Web security Suite but have not been too pleased with it thus far.  We are currently looking at Symantec's Gateway security as well.  Any information or offered opinion about this product or any other similar products would be greatly appreciated.
Question by:bpbarberhelp
LVL 38

Expert Comment

by:Rich Rumble
ID: 13658565
Snort first and foremost http://www.snort.org/ Demarc also makes a fine IDS product
GFI is great, Nessus I think is better but it's close... http://www.nessus.org/
Can't do anything without Nmap http://www.insecure.org/nmap/ 
This one is so so http://www.saintcorporation.com/ The Saint.

Are there more specific goals?


Expert Comment

ID: 13660483
One of the best suites of security products available today is from Kaspersky.

Have a look at www.kapersky.com


Author Comment

ID: 13661350
Rich and Graeme,

   Thank you for the response.  Rich, to answer your question "are there more specific goals?": yes, we are currently set up behind an ISA 2004 Proxy/Firewall that is set up on an external domain and being used as a DMZ.  This ISA box is set up with a one way (outgoing) non-transitive trust with our internal domain.  Ideally I would like a product that will scan all web traffic and downloads.  Should a download be blocked I would like this software to query the LDAP/Active Directory and e-mail the user who was attempting to download the software to let them know that the download had been blocked.  That way if the user determines the file to be necessary they can contact the IT Dept and request that we retrieve the file for them.  If you are familiar with McAfee EPO I am looking for functionality that is similar to the manner in which it handles e-mail attachments.
LVL 38

Accepted Solution

Rich Rumble earned 200 total points
ID: 13661462
Good, I was going to suggest McAfee. Snort can alert admins of activity that it gets triggered on; a script could look up the DNS name of the IP that triggered it, then possibly find out who is currently logged into that machine, and then poll AD for the email address if listed in the account info... Snort natively is passive: it doesn't block but only sniffs. Since version 2.3 came out it can be used inline to act as a dynamic firewall, but the potential for a DoS is pretty good. SnortSAM would be a better way to block upon an alert being triggered, as SnortSAM has self-DoS prevention methods that work well.

With a proxy you can get over some hurdles that commonly allow content to go unnoticed or unreadable, namely HTTPS traffic and content that is served via gzip (such as Yahoo message boards). You can set the proxy up to do the HTTPS between the site and itself, but the user gets HTTP traffic so it can be sniffed, or the proxy can be set up to inflate the gzip content so the HTTP traffic between the user and the proxy is uncompressed and easily sniffable. I'm not sure how to do this with ISA, but Squid does this very well.

Are you also looking to block/filter/alert website content? Such as porn, or other unsavory websites?
In addition Snort can tell you if anyone is using Kazaa, LimeWire, Gnutella, BitTorrent, Napster or their ilk.
Some other tools we find indispensable are:
Cacti http://cacti.net/
Ntop http://www.ntop.org/overview.html
Nflow http://www.ntop.org/nFlow/
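
The lookup chain described in the accepted answer (Snort alert, DNS name, logged-on user, AD e-mail address), sketched as an added example that is not part of the original thread. The internal subnet, host names, accounts, rule IDs and the three lookup callables are assumptions; in production they would wrap reverse DNS, a logon inventory and an LDAP query for the `mail` attribute.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, {proto}, endpoints.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{\w+\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")
INTERNAL = ipaddress.ip_network("10.20.0.0/16")  # assumed client subnet
YEAR = "2005"  # fast alerts carry no year by default; assumed here

def notifications(lines, resolve, logged_on, mail_for, window=timedelta(minutes=10)):
    """Yield (mail, host, msg), at most once per user and rule within `window`."""
    last_sent = {}
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue  # not an alert line
        # The workstation is whichever endpoint sits in the internal range.
        ip = next((m[k] for k in ("src", "dst")
                   if ipaddress.ip_address(m[k]) in INTERNAL), None)
        host = resolve(ip) if ip else None        # reverse DNS
        user = logged_on(host) if host else None  # who is logged on there
        mail = mail_for(user) if user else None   # directory "mail" attribute
        if not mail:
            continue  # unattributable: leave it for the admins' queue
        ts = datetime.strptime(YEAR + "/" + m["ts"], "%Y/%m/%d-%H:%M:%S")
        key = (mail, m["sid"])
        if key in last_sent and ts - last_sent[key] < window:
            continue  # same user and rule, already notified recently
        last_sent[key] = ts
        yield mail, host, m["msg"]

# Constructed sample data (not real logs, hosts or accounts).
def _line(ts, sid, msg, src, dst):
    return f"{ts}  [**] [1:{sid}:1] {msg} [**] [Priority: 1] {{TCP}} {src} -> {dst}"
SAMPLE = [
    _line("03/29-10:15:02.123456", 1000001, "LOCAL executable download", "203.0.113.7:80", "10.20.4.17:1042"),
    _line("03/29-10:16:40.000001", 1000001, "LOCAL executable download", "203.0.113.7:80", "10.20.4.17:1050"),
    _line("03/29-10:20:00.500000", 1000002, "LOCAL P2P client", "10.20.9.3:3321", "198.51.100.9:6881"),
    _line("03/29-10:21:00.000000", 1000001, "LOCAL executable download", "203.0.113.7:80", "10.20.8.8:1100"),
]
PTR = {"10.20.4.17": "ws-017", "10.20.9.3": "ws-203", "10.20.8.8": "kiosk-1"}
SESSIONS = {"ws-017": "asmith", "ws-203": "bjones"}  # kiosk-1 has nobody logged on
MAIL = {"asmith": "asmith@corp.example", "bjones": "bjones@corp.example"}

def run_sample():
    return list(notifications(SAMPLE, PTR.get, SESSIONS.get, MAIL.get))
```

The per-user, per-rule window keeps a single noisy rule from flooding a mailbox, and alerts that cannot be tied to a logged-on user are skipped here so they can go to the admins instead.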

Question has a verified solution.