Solved

ids/ips solution for small business

Posted on 2011-02-17
4
976 Views
Last Modified: 2013-11-29
Can you someone recommend an IDS/IPS solution for small business? They can't afford a expensive solution. We want to be able to protect and the monitor layer 7.


thanks
0
Comment
Question by:officertango
  • 2
4 Comments
 

Accepted Solution

by:
dhblane earned 250 total points
ID: 34921959
You should take a look at snort.

Snort is free open source software and when combined with a front-end like Snorby extremely easy to monitor.  Rules for snort are regularly updated and you can get a lot of additional ones from a variety of feeds, bleeding snort is particularly good.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 34922572
I assume you want to cover layers 3-7, Suricata, Snort or Bro IDS's are all very good at monitoring. You can use those three in an inline mode as an IPS to block, or use SnortSam to update firewall rules to block based on what the IDS's are reporting. All three above are free but have many offerings to help impliment, tune and even manage. IDS's are prone to false positives, and none work for everyone right out of the box, they all need tuned to your environment.
Some organizations use Snort/Suricata/Bro on the inside of the network to see if threats make it in, or are going out and then worry about tracking down a false positive or false negative. Installing an IDS on the outside, there are a lot of false positives that happen on the internet that will send your IDS into a tizzy.
-rich
0
 

Author Comment

by:officertango
ID: 34971062
does SnortSam works with juniper firewall, ssg5?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 34971132
Says they do: http://www.snortsam.net/
I don't have any myself so I'm not certain, but it is a good application.
-rich
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now