Re: Any IDS Recommendations?
From: The Poster (nospam_at_nospam_dontyoudare.net)
Date: 07/15/05
- Next message: Kirtal Lalla: "RE: Windows Malicious Software Tool Won't Go Away"
- Previous message: The Poster: "Re: Any IDS Recommendations?"
- In reply to: Karl Levinson, mvp: "Re: Any IDS Recommendations?"
- Next in thread: Karl Levinson, mvp: "Re: Any IDS Recommendations?"
- Reply: Karl Levinson, mvp: "Re: Any IDS Recommendations?"
Date: Fri, 15 Jul 2005 09:37:03 +0100
Hi Karl,
Thanks for your reply.
Funny you mention Tripwire, it's a product we intend rolling out in parallel
with our NIDS. So far I'm leaning towards the Tipping Point solution - and
3Com have agreed to give me one on trial for a few weeks.
Any thoughts re' best location for my NIDS?
Regards,
Steve.
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:eHIBp9AiFHA.576@TK2MSFTNGP15.phx.gbl...
>
> "Steve Clark [MSFT]" <bogus@microsoft.com> wrote in message
> news:uc6E7v8hFHA.1968@TK2MSFTNGP14.phx.gbl...
> > Honestly, NIDS is nothing more than a waste of time and money IMO.
>
> NIDS is a tool that gives you something you can't easily get otherwise.
> It's grep for the network. It's true that some organizations probably waste
> too much effort on IDS. But how much time you put into IDS is entirely up
> to you. You can automate a lot of it if you want.
>
> NIDS [that aren't NIPS] are just as much a waste of time IMHO. The network
> portion is the most useful part of them, but it's easier and more cost
> effective to do that same network monitoring with a NIDS. Detecting file
> changes is useful, but is only a part of some NIDS, and is arguably better
> done with a file change checker like www.gfi.com Languard SIM, Osiris, etc.
> There really aren't too many robust commercial file change checker solutions
> IMHO, except maybe Tripwire for Windows, which I understand is pricey. The
> main other thing most HIDS do is monitor the windows event log, but 1) you
> can do that with any number of other non-IDS products, 2) most HIDS are
> configured by default to give you way too many false alarms in the windows
> event logs, and 3) few NIDS I'm aware of give you an easy way to configure
> these events, you have to go back into Windows to manage this stuff.
>
> To the OP: A lot of people are running away from ISS due to their
> historically high prices and bad support in the past. Their prices may have
> changed with their new line, I don't know. Their products in the past have
> not been so easy to configure if you have a lot of devices, but OK if you
> have just one or two. A problem for me is that their signatures are closed
> source, which would be useful information to know when trying to tell false
> alarms from real events.
>
> www.enterasys.com Dragon is a popular and inexpensive IDS solution that is
> somewhat similar to Snort, but is probably easier to configure.
>
> www.netscreen.com has some attractive inexpensive low end devices that I
> understand have IDS, IPS, bandwidth shaping and monitoring, and a whole
> bunch of other features. Their low end devices have all the exact same
> features as their high end enterprise devices.
>
> The tipping point IDS / IPS and cisco devices you mention are other popular
> choices.
>
>
> > "The Poster" <nospam@nospam_dontyoudare.net> wrote in message
> > news:uTuR$k4hFHA.2644@TK2MSFTNGP09.phx.gbl...
> > > G/Day Forum,
> > >
> > > I am currently in the process of evaluating a number of IDS solutions.
> > > This IDS system will sit between an edge router (configured with
> > > ingress/egress filtering) and a Cisco Firewall. Our throughput
> > > requirement is low, as we've only got a 2mb leased line to our ISP.
> > >
> > > What's important to us:
> > > - ease of configuration and ongoing management
> > > - cost effectiveness
> > > - suitability to Industry (Financial)
> > > - logging ability/high quality reports/audit trail
> > >
> > > The products I'm currently looking at are:
> > > - Tipping Point 50
> > > - Cisco IDS 4215
> > >
> > > Any ideas, opinions, guidance?
> > >
> > > Regards,
> > > Steve.
> > >
> > >
> >
> >
>
>