Re: Any IDS Recommendations?

From: The Poster (nospam_at_nospam_dontyoudare.net)
Date: 07/13/05

  • Next message: mwcanton: "Active Directory User Groups"
    Date: Wed, 13 Jul 2005 16:06:55 +0100
    
    

    Thanks Simon for the advice.

    Vendors recommend that the first IDS be placed in front of the edge router
    (I think I might have read that in a Cisco Safe white paper) - I've taken
    this a step further in placing it between the packet filtering router and
    the firewall. As I mentioned in my earlier post, we are running a
    Cisco-based firewall (PIX) - which, as I'm sure you are aware, doesn't
    provide much in the way (bar the IDS rule and a few common signatures) of
    IDS features. I do appreciate that a lot of 'trash' will be reported, and
    most of that trash will be SSL/IPSec traffic - but that's the hit I'm
    prepared to take.

    Snort - do you think it's easy to configure? I don't. From the research that
    I've done to date, Tipping Point seem to have the spotlight on them, and are
    selling it on the basis that it's easy to install and configure, and doesn't
    involve constant monitoring.

    Steve.

    "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
    news:edzjAj5hFHA.3936@TK2MSFTNGP10.phx.gbl...
    > Hi there,
    >
    > I recommend Snort. The open source solution is used in at least one of
    > the Australian Big 5 banks. Alternatively, you can use SourceFire - they
    > add a nice management interface, "supportability" and a price tag.
    >
    > Implementing NIDS in front of the external firewall - bad idea. You will
    > have a lot of rubbish and chances are that you'll miss something
    > important. DMZ is a different matter - a port scan has to raise a
    > legitimate alarm in there.
    > On the corporate network implement your NIDS too, you must.
    >
    > --
    > Svyatoslav Pidgorny, MS MVP - Security, MCSE
    > -= F1 is the key =-
    >
    > "The Poster" <nospam@nospam_dontyoudare.net> wrote in message
    > news:uTuR$k4hFHA.2644@TK2MSFTNGP09.phx.gbl...
    > > G/Day Forum,
    > >
    > > I am currently in the process of evaluating a number of IDS solutions.
    > > This IDS system will sit between an edge router (configured with
    > > ingress/egress filtering) and a Cisco Firewall. Our throughput
    > > requirement is low, as we've only got a 2mb leased line to our ISP.
    > >
    > > What's important to us:
    > > - ease of configuration and ongoing management
    > > - cost effectiveness
    > > - suitability to Industry (Financial)
    > > - logging ability/high quality reports/audit trail
    > >
    > > The products I'm currently looking at are:
    > > - Tipping Point 50
    > > - Cisco IDS 4215
    > >
    > > Any ideas, opinions, guidance?
    > >
    > > Regards,
    > > Steve.
    > >
    > >
    >
    >

