About IDS tools

From: Renee Teunissen (thuis) (renee@home.wittenburg10c.nl)
Date: 07/31/01

Message-ID: <007f01c119fd$1b9d04a0$5908a8c0@ratnoot>
From: "Renee Teunissen (thuis)" <renee@home.wittenburg10c.nl>
To: <SECURITY-BASICS@securityfocus.com>
Subject: About IDS tools
Date: Tue, 31 Jul 2001 22:12:20 +0200


Currently I am investigating a propper way to implent an IDS in large
corporate network on about 20 locations with one central server location.

We have two different issues / projects.

1: to provide a service to detect internal intrusion attempts (to detect
"inside" hacks and network resource misuse). We have a lot of internal LANs
(eg, production, development, testing, etc) and wish to monitor the traffic
between those networks.
2: to provide a service to detect external intrusion attempts, packets that
go by a firewall, etc, etc. made by people using the extra-nets of
intra-nets (Cablemodem / DSL connected home workers, etc)

Are there reports of such implementations and what kind of products can
handle switched networks with 50K+ PC's and 3K+ servers/unixboxes across a
large corporate WAN. And are there know implemantation strategies? Please
give me your thoughts about this..


----- Original Message -----
From: "Peņa, Botp" <botp@delmonte-phil.com>
To: <SECURITY-BASICS@securityfocus.com>
Sent: Tuesday, July 31, 2001 5:37 AM
Subject: RE: Qmail vs. postfix

> We use postfix.
> Very simple to admin, very simple configuration.
> Very secure (the author himself is a recongnized security expert). I have
> placed one postfix server facing the internet (for 3 years already)
> a firewall. It hasn't been down ever (hey, I am not challenging you guys.
> have placed it there in case our fw gets hosed. Currently it does bulk
> mailing ;-)
> Very fast, so fast that I have to slow it down (so to speak) since our
> hardware was not catching up ;-)
> Very clean and open code (if you know C, you'll appreciate it ;-)
> HTH. note, this is just my comment on postfix.
> -botp
> -----Original Message-----
> From: Uros Gruber [mailto:uros.gruber@sir-mag.com]
> Sent: Wednesday, July 25, 2001 6:47 AM
> To: SECURITY-BASICS@securityfocus.com
> Subject: Qmail vs. postfix
> Hi!
> can anybody tell me what to use. I want to have secure mail
> agent.
> Qmail or postfix.
> --
> thanks,
> Uros mailto:uros.gruber@sir-mag.com