Re: Any IDS Recommendations?
From: The Poster (nospam_at_nospam_dontyoudare.net)
Date: Wed, 13 Jul 2005 16:06:55 +0100
Thanks Simon for the advice.
Vendors recommend that the first IDS be placed in front of the edge router
(I think I might have read that in a Cisco Safe white paper) - I've taken
this a step further in placing it between the packet filtering router and
the firewall. As I mentioned in my earlier post that we are running a Cisco
based firewall (PIX) - which as I'm sure you are aware of, doesn't provide
much in the way (bar the IDS rule and a few common signatures) of IDS
features. I do appreciate that alot of 'trash' will be reported, and most
of that trash will be SSL/IPSec traffic - but thats the hit I'm prepared to
Snort - do you think its easy to configure? I don't. From the research that
I've done to date Tipping Point seem to have the spot light on them, and are
selling it on the basis that its easy to install and configure, and doesn't
involve constant monitoring.
"S. Pidgorny <MVP>" <firstname.lastname@example.org> wrote in message
> Hi there,
> I recommend Snort. The open source solution is used in at least one of
> Australian Big 5 banks. Alternatively, you can use SourceFire - they add
> nice management interface, "supportability" and price tag.
> Implementing NIDS in front of the external firewal - bad idea. You will
> a lot of rubbish and chances are that you'll miss something important. DMZ
> is a different matter - port scan has to raise a legitimate alarm in
> On the corporate network implement your NIDS too, you must.
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
> "The Poster" <nospam@nospam_dontyoudare.net> wrote in message
> > G/Day Forum,
> > I currently in the process of evaluating a number of IDS solutions. This
> > system will sit between an edge router (configured with ingress/egress
> > filtering) and a Cisco Firewall. Our throughput requirement is low, as
> > only got a 2mb leased line to our ISP..
> > Whats important to us:
> > - ease of configuration and ongoing management
> > - cost effectiveness
> > - suitability to Industry (Financial)
> > - logging ability/high quality reports/audit trail
> > The products I'm currently looking at are:
> > - Tipping Point 50
> > - Cisco IDS 4215
> > Any ideas, opinions, guidance?
> > Regards,
> > Steve.