Re: SOHO Hardware IDS

From: Jerry Dixon (jerry_at_jdixon.com)
Date: 11/10/03

  • Next message: Jason V. Miller: "New SecurityFocus Focus Area Article" 
    Date: Mon, 10 Nov 2003 10:10:31 -0500
To: Ron Gula <rgula@tenablesecurity.com>, boutros@swissonline.ch, focus-ids@securityfocus.com

    At 09:41 AM 11/10/2003, Ron Gula wrote:
    >At 02:04 PM 11/10/2003 +0100, boutros@swissonline.ch wrote:
    >>Hi all,
    >>
    >>I am curious if there exists a SOHO-type hardware device with the
    >>functionality of the Snort IDS. I know I could build a cheap Linux box,
    >>but I am looking for something small and quieter than a PC....
    >>
    >>TIA,
    >>Boutros
    >
    >Check out Fortinet. http://www.fortinet.com/ Their web site has much
    >about firewalls and anti-virus, but they also have Snort embedded into
    >their appliances. I have several Tenable customers/partners looking at
    >them and they say the logs output pretty much the same data as the
    >Snort Linux boxes running right next to it.
    >
    >Ron Gula, CTO

    Fortinet is a very capable box. I've looked at other vendors (Check Point,
    Netscreen, & V-raptor) and they definitely have the lead on capabilities
    out of the box with regards to file blocking, anti-virus, NIDS
    functionality, VPN, and firewall feature set. I just finished testing the
    60R and very impressed with what they've got. The price point is also very
    good.

    Since I run an incident response team, logging is real important to us and
    this box has excellent log outputs as well...as Ron pointed out definitely
    go check their web site out or see if you can get a demo box to kick the
    tires.

    Jerry

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_focus-ids_031023
    and use priority code SF4.
    ---------------------------------------------------------------------------

  • Next message: Jason V. Miller: "New SecurityFocus Focus Area Article"

    Relevant Pages

    • Re: Snort firewalling on Term Serv?
      ... I believe I heard a rumor that a future version of Snort is to include this ... functionality, at least in the *nix version. ... > Since then does snort provide firewalling functionality? ...
      (microsoft.public.win2000.security)
    • Snort 1.8.3 Released
      ... Snort 1.8.3 is now available on the Downloads page at ... functionality, but some of the bug fixes are important: ... * Fixed ICMP decoder and printout routines for new ICMP header ...
      (Focus-IDS)
    • Quantcast