Solved

Network Based Intrustion Detection System

Posted on 2006-07-04
4
326 Views
Last Modified: 2013-11-16
I am looking for a NIDS, my budget is as of yet undefined, but I have only heard of Cisco IDS, Stealthwatch, and Snort. What else is there to look at, appliance or software based is fine, but it must have the ability to inject response packets.

Basically, I need a list of whats out there.
0
Comment
Question by:Derekleu
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 17037550
We have used and really like the Lockdown systems:
http://www.lockdownnetworks.com/

As well as Forescout:
http://www.forescout.com/index.php?url=products§ion=activescout

Good article on evaluating NIDS
http://www.sans.org/resources/idfaq/eval_ids.php?portal=250bde9daa8e00cb707b97b4cba5751c

Lancope Stealthwatch uses NetFLow with is an emerging technique that does not rely on known signatures
http://www.lancope.com/products/stealthwatch-demo/

You might also want to take a look at Cisco's CSMARS appliance products:
http://www.cisco.com/en/US/products/ps6241/index.html
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 20 total points
ID: 17037969
Some more will be ISS (Internet Security Systems) & Juniper IDP.

Cheers,
Rajesh
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 50 total points
ID: 17038064
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 30 total points
ID: 17038172
The folks who make the free IDS Snort, also make a wonderful hardware appliance and will train you on how to deploy/administer/maintain it.
http://www.sourcefire.com/products/dc.html
http://www.sourcefire.com/products/is.html
http://www.sourcefire.com/products/rna.html

There is also the 3rd party addon to Snort, SnortSAM, that will update your firewall's or router ACL's based on alerts/triggers you assign in Snort. http://www.snortsam.net/
While it's not exactly "..it must have the ability to inject response packets" it does drop/block traffic very quickly, and you can define for how long the block last's.
-rich
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question