Solved

ids/ips solution for small business

Posted on 2011-02-17
4
1,036 Views
Last Modified: 2013-11-29
Can you someone recommend an IDS/IPS solution for small business? They can't afford a expensive solution. We want to be able to protect and the monitor layer 7.


thanks
0
Comment
Question by:officertango
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Accepted Solution

by:
dhblane earned 250 total points
ID: 34921959
You should take a look at snort.

Snort is free open source software and when combined with a front-end like Snorby extremely easy to monitor.  Rules for snort are regularly updated and you can get a lot of additional ones from a variety of feeds, bleeding snort is particularly good.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 34922572
I assume you want to cover layers 3-7, Suricata, Snort or Bro IDS's are all very good at monitoring. You can use those three in an inline mode as an IPS to block, or use SnortSam to update firewall rules to block based on what the IDS's are reporting. All three above are free but have many offerings to help impliment, tune and even manage. IDS's are prone to false positives, and none work for everyone right out of the box, they all need tuned to your environment.
Some organizations use Snort/Suricata/Bro on the inside of the network to see if threats make it in, or are going out and then worry about tracking down a false positive or false negative. Installing an IDS on the outside, there are a lot of false positives that happen on the internet that will send your IDS into a tizzy.
-rich
0
 

Author Comment

by:officertango
ID: 34971062
does SnortSam works with juniper firewall, ssg5?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 34971132
Says they do: http://www.snortsam.net/
I don't have any myself so I'm not certain, but it is a good application.
-rich
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question