Security Basics mailing list archives
Re: Windows IDS
From: Jimi Thompson <jimit () myrealbox com>
Date: Thu, 6 Nov 2003 22:55:24 -0600
All of the best tools are going to be Linux or Unix based since they've likely been around longer. Personally, I consider my IDS box to be a bastion host and I try to lock it down as best I can. That's very difficult to do with Windows unless you want a very broken machine. It's much easier to do with Linux or Unix. Frankly, of all the IDSs I've seen, commercial and open source, SNORT rates among the highest. I've worked for larger employers who insisted on testing other products, many that ran well into 6 figures, but most all of them ended up using SNORT. They may have bought the other stuff, but SNORT definitely has its place. Combined with per-host firewalls, Tripwire, good perimeter security and Nessus to scan and check on everything, you should be in very good shape. I'd also suggest that you scavenge something you can load RedHat, Mandrake, or SuSE on and start getting comfortable with Linux.
2 cents,
Jimi

At 2:31 PM -0500 11/6/03, me null wrote:
Hello everyone, I've seen a lot of people recommending snort as an IDS but the only problem w/ that is I'm running Windows. As far as the environment the IDS would be in... there's not a lot of PCs in it, it's a private network. The top few things I want are in this order:

1 - Security of course, how good the IDS actually is
2 - Interface, something that will not be a pain in the arse to have to deal with
3 - Price, null = best
4 - Functionality, basic features that make life easier, i.e. having logs sent to a remote PC, etc. etc.

TY

BTW about "opensource" things, are the only opensource apps / tools just for non-MS platforms? If I made an IDS for Windows I would have it be open source.
Current thread:
- Windows IDS me null (Nov 06)
- Re: Windows IDS JGrimshaw (Nov 06)
- RE: Windows IDS Amin Lalji (Nov 07)
- Re: Windows IDS Byron Sonne (Nov 07)
- Re: Windows IDS Jaymz Ringler (Nov 07)
- Re: Windows IDS Jimi Thompson (Nov 07)
- Re: Windows IDS Marcos E. Rodriguez (Nov 07)
- <Possible follow-ups>
- Re: Windows IDS Eric Brown (Nov 07)
- Re: Windows IDS Chris Berry (Nov 07)
- FW: Windows IDS Alex Pimperton (Nov 07)
- Re: Windows IDS sh0t0 (Nov 07)