Re: Intrusion Detection recommendations

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 11/19/02 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Tue, 19 Nov 2002 11:55:21 -0500

"Chad" <ccbird33@excite.com> wrote in message
news:OIu4aU0jCHA.2632@tkmsftngp12...
> Can anyone recommend a really good Intrustion Detection system?? I know
> this isn't totally related to Windows 2000 Security, but figured this
might
> be a good place to get ideas. I see there are a few biggies out there -
> NetProwler, Snort, RealSecure - but I need something that is going to be
> somewhat easy to install/implement, with good design, and good
performance -
> not to mention great value. Any recommendations would be appreciated -
> thanks!

I assume you're talking Network IDS. Keep in mind there are other forms of
intrusion detection that you may also want to consider in addition to NIDS,
such as:

* Host-based IDS or personal firewalls on key hosts [some are free for
non-commercial use, like www.sygate.com]
* file change checkers such as the free www.gfi.com File Integrity Checker
[hidden under the "Languard White Papers" link]
[this is highly recommended]
* log monitors such as www.ipsentry.com, $100 US [and might as well
monitor server reboots, service stops and restarts, and lack of response to
pings at the same time, as these can indicate intrusions or unwanted events]
* antivirus and trojan scanners such as Norton, www.grisoft.com [free],
www.pestpatrol.com, etc.

I agree with the other posts that Snort is probably going to be the only
"affordable" IDS. Other commercial IDS systems are good, but require a
commitment to significant spending.

More information:

http://securityadmin.info/faq.htm#firewall
http://securityadmin.info/faq.htm#harden

Relevant Pages

  • Re: IDS Opinions
    ... what is the throughput requirement for the IDS. ... options then the best fit will be Snort or CA. Snort is a freeware with ... >I recommend you to download the trial and test it yourself... ... >Subject: IDS Opinions ...
    (Focus-IDS)
  • Re: MSSP / IDS Selection
    ... If you're still trying to determine whether or not to go with an MSS vs ... For those customers we often recommend ... Perhaps you are looking for the managed IDS without ... It appears to offer services that Snort does not, ...
    (Focus-IDS)
  • Re: MSSP / IDS Selection
    ... after being involved in MSSP from back in 99, I did then and still have ... Can these providers manage my legacy products effectively as well? ... Subject: MSSP / IDS Selection ... For those customers we often recommend ...
    (Focus-IDS)
  • Re: how to add id to 2 tables
    ... You don't need to user a number format for your ID but I recommend it. ... You can then use a sequence to generate the IDs for your tables. ...
    (comp.databases.oracle.misc)