Re: SOHO Hardware IDS

From: Ron Gula (rgula_at_tenablesecurity.com)
Date: 11/10/03

  • Next message: PPowenski_at_oag.com: "RE: SOHO Hardware IDS"
    Date: Mon, 10 Nov 2003 09:41:11 -0500
    To: boutros@swissonline.ch, focus-ids@securityfocus.com
    
    

    At 02:04 PM 11/10/2003 +0100, boutros@swissonline.ch wrote:
    >Hi all,
    >
    >I am curious if there exists a SOHO-type hardware device with the
    >functionality of the Snort IDS. I know I could build a cheap Linux box,
    >but I am looking for something small and quieter than a PC....
    >
    >TIA,
    >Boutros

    Check out Fortinet. http://www.fortinet.com/ Their web site has much
    about firewalls and anti-virus, but they also have Snort embedded into
    their appliances. I have several Tenable customers/partners looking at
    them and they say the logs output pretty much the same data as the
    Snort Linux boxes running right next to it.

    Ron Gula, CTO
    Tenable Network Security
    http://www.tenablesecurity.com
    [Lightning Console - Distributed Enterprise Security Manager ]
    [NeVO Scanner - 100% Passive Vulnerability Detection ]
    [NeWT Scanner - The easy-to-use vulnerability scanner for XP ]
