RE: "Free" IDS

From: David Ellis (dellis@unicam.com)
Date: 09/18/02


From: David Ellis <dellis@unicam.com>
To: 'Ivan Coric' <ivan.coric@workcoverqld.com.au>
Date: Tue, 17 Sep 2002 20:36:02 -0400


Hi, I have been following this thread and I would like to throw in my two
cents. I am very surprised no one mentioned the Demarc PureSecure IDS solution.
It costs less than 2000.00, runs off of the Snort engine, has a Big
Brother-like feature for all your servers, does system file integrity
checking, has the best web interface I have ever seen, has a management
console that all your sensors report back to, alerting features, etc. Do
yourself a favor and download the demo, and then you tell me about purchasing
a 40,000 dollar IDS like Dragon. I highly recommend this product, and it loads
easily on 2k or Linux. I prefer Linux, but that is my own preference. You go
with the OS where you have the talent.

Oh, and one more thing: if you want to learn Snort, then just read up on it.
That's what I did. The web is the best place for learning open source
software.
Dave

-----Original Message-----
From: Ivan Coric [mailto:ivan.coric@workcoverqld.com.au]
Sent: Tuesday, September 17, 2002 2:06 AM
To: aplato@anitian.com; focus-ids@securityfocus.com
Cc: paris@archerintegration.com
Subject: Re: "Free" IDS

Well, free in the sense that it doesn't cost $$ for the software. Granted,
there is a HW cost, mm, probably a couple of hundred $$ AUD. A P166 with 96Mb
RAM would do just nicely; add a couple of NICs, and the value might rise to,
say, under $300 AUD.
Compare that to other commercial offerings?

Anyone thinking of running an IDS would require knowledge, regardless of the
system they choose! No need to go to SANS; why not read the docs off the
Snort site, buy TCP/IP Illustrated? Everything you require is there or via
Google at no cost, not considering the time to read it.

> Getting on to Snort. Snort is a great IDS - no question about it. And we've
> helped a few customers, here and there, implement it. But, in general the
> places that implement Snort are not likely to have the money to pay for
> consultants like me. In fact, I usually tell folks to take one of the SANS
> courses if they want to become Snort savvy.

Not necessarily, we have $$ but also the talent.

Then set it up in a distributed fashion logging to a SQL server, whip in
ACID, and now we have a kick as.s web-based IDS solution covering your
enterprise.

Yeah, sure, you need someone skilled to read the alerts generated, but I am
sure it's the same for any IDS solution. (I only know Snort.)

Ahh, support. Usually I can find an answer via the net before the company has
time to send out its automated "we'll get back to you" response.

I am not knocking any of the commercial offerings, but if you have the
talent in your organization then I see no reason not to go with Snort.

cheers

Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric@workcoverqld.com.au

>>> "Andrew Plato" <aplato@anitian.com> 09/14/02 10:22am >>>
> Snort = Free
> Prelude = Free
> NFR = $$$$$
> Real Secure = $$$$$
> Cisco Secure = $$$$$
> Dragon = $$$$$$$$$
 
Running Snort in an enterprise is hardly "free". Snort has to be run on
system(s) and that costs money (even if it's a junker sitting around, it
still has value). Moreover, if your company is paying somebody to install,
manage, and maintain a Snort box, that's a cost. And it could be argued
that Snort boxes have a considerably higher administration hit since there
is no standard rule set and enterprise-wide deployment is very difficult.
Then there is the training of the people using that tool. That usually means
attending a SANS course - that's $4500 a pop when you add in hotel, flights,
rental car, and mini-bar costs (unless you're lucky and have a SANS course
come to your town).

Granted, any commercial IDS is probably going to cost a bit more than an open
source product, but you also get economies of scale. For example, most
commercial IDS products have inexpensive training seminars or even web-based
seminars that can help teach users. This gets you a massive economy of scale
on training. Support costs (and times) can be cut down since there is a
centralized support mechanism for these products.

It's easy to analyze cost in a techno-vacuum. But any serious analysis of the
cost of ANY technology, and especially IDS, must consider the related expenses
of management, maintenance, training, and support.

------------------------------------
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

(503) 644-5656 office
(503) 201-0821 cell
http://www.anitian.com
------------------------------------
