RE: Network IDS
From: Dave Killion (Dkillion_at_netscreen.com)
Date: 08/25/03
- Maybe in reply to: Duston Sickler: "Network IDS"
To: "'Attila Nagy'" <nagya@omikron.hu>, Duston Sickler <dustons@charter.net>
Date: Mon, 25 Aug 2003 10:03:14 -0700
<Disclaimer>I work for NetScreen</Disclaimer>
Not entirely true, Nagy - Cisco PIX is a custom kernel based on a flavor
of BSD, if I recall correctly, which apparently is not appropriate for
their environment (no Unix).
And the aforementioned SonicWall doesn't do IDS.
NetScreen firewalls are a great solution, but the current version
doesn't do full IDS. NetScreen has an incredible inline-IDS (we call it
the "IDP" = Intrusion Detection and Prevention) but it's a POSIX-based
system (closed source = all patches from us), so it also may not be
appropriate for Duston's environment.
I'd say running the same OS for your firewall as your desktop machines
may be a narrow way of thinking - if any vulnerability affects your
desktops, that same vulnerability could also affect your firewall. I
understand the business sense of it = less IT guys with less skill sets.
But the idea of putting all your eggs in one basket is also a well-known
business no-no.
There's been recent discussion on the consequences of homogeneous
networks versus heterogeneous networks on some of the 'advanced' mail
lists that you might want to check out.
Anyhow, good luck Duston!
I hope this information is helpful,
Dave Killion
Senior Security Engineer
Security Group, NetScreen Technologies, Inc.
-----Original Message-----
From: Attila Nagy [mailto:nagya@omikron.hu]
Sent: Friday, August 22, 2003 12:29 AM
To: Duston Sickler
Cc: security-basics@securityfocus.com
Subject: Re: Network IDS
Hello,
I'm using Cisco products: Cisco Secure PIX firewall and Cisco Secure
Intrusion Detection System. Both of them are hardware solutions.
nagy(A)
On Fri, 2003-08-15, Duston Sickler wrote:
> Hello,
>
> I would like to thank in advance everyone who is out of the office. I
> really do like to hear about it.
>
> The Network Administrator for the company I work for has charged me to
> locate a Network Intrusion Detection System. We do have a monitored
> firewall between us and the outside world. We need something to protect our
> servers from anyone coming from the inside. We have about 20 Windows 2000
> Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations.
>
> We live in a 100% Windows world and the powers that be will not be receptive
> to any *nix solutions. We are more than willing to pay for a top of the line
> product as long as it is in fact top of the line.
>
> Currently I have been looking at the Symantec Gateway Device. We like the
> idea of a stand alone piece of hardware. The only problem is we already
> have a gateway server washing our email of viruses and 99% of Spam.
>
> Does anyone have any comments on the Symantec Gateway device? We have had
> excellent experiences with their Gateway software and NAV Corp. Does anyone
> have a different or better device that they could point me towards?
>
> I would like to thank everyone who replies to this post. I have learned a
> great deal being on this list the last year and will continue to appreciate
> all the expertise that is freely given here.
>
> Duston Sickler
> CompTIA A+ Certified
> "Cedo nulli."