Security Basics mailing list archives
Re: Recommending an IDS system
From: "Bob Radvanovsky" <rsradvan () unixworks net>
Date: Thu, 11 Mar 2004 15:57:00 -0600
If you are looking for some "alternatives", there is a distribution called "Sentinix", which is available FREE. Go here for their web site: http://www.sentinix.org. It's SNORT with SNORTCenter, running ACID, Nagios, Nagat, Cacti, and a few others. Nicely done, nicely put together, and seems to be (fairly) "stable".

If you'd like to see a demonstration of the product, I am hosting the demo server: http://sentinix-demo.unixworks.net

Logins are:
snortcenter/cacti: "admin", pw="temp1234"
nagios/nagat: "nagiosadmin", pw="temp1234"

The server is rebuilt weekly to keep its "freshness". The server is available openly and freely to anyone who wishes to use it. The distro, however, is only available through the Sentinix web site, or their mirrors.

Spread 'da woyd... ;)

Cheers!

Bob Radvanovsky [/unixworks]
rsradvan(at)unixworks.com
"knowledge squared is information shared."

----- Original Message -----
From: "Jim Conner" <jconner () lrn com>
To: <JGrimshaw () ASAP com>
Cc: <security-basics () securityfocus com>
Sent: Wednesday, March 10, 2004 11:33 AM
Subject: RE: Recommending an IDS system
I did an evaluation with Sourcefire and I have to say that I really liked it. We are doing evals on other appliances before committing to anything. Sourcefire has three architectures to choose from: IBM, Intel, and Solaris (IIRC -- they might not have a Solaris product but I believe they do). We went with the Intel 22mb arch since it was the least expensive and our infrastructure doesn't require much hardware-wise to watch what's going on. Each architecture also has a speed associated with it which for higher speeds you'd pay more for the product. The speeds were (again, IIRC) 22mb, 45mb, 100mb, and 1gb. These speeds were the amount of throughput that the snort engine was tuned to be able to watch without dropping packets as well as hardware for the gigE interface, I believe.

They have a configuration management machine that is capable of monitoring all of the sensors on your network allowing administrators to view all goings-on from one central location. That machine is a flat $17K. It is not a sensor. You can't eval that machine either so it is difficult to say how well the product will do its job. However, judging on the appliance and its abilities the config mgmt box is probably decent.

We started the evaluation using the older 2.7 interface. The 3.0 interface went prod while we were eval'ing the unit so I upgraded the machine from 2.7 to 3.0 which was an extremely simple process. I found the 3.0 interface to be 100x better than the 2.7 interface. Out of the box the configuration of the product was simple. Tuning is the same as any other IDS. It was basically plug-n-play, though. You can update the snort rules, which come from Sourcefire, from the web interface. You also get full admin access to the console of the machine should you decide to mess with things or want to view logs or whatnot. It was not necessary to ever really use the CLI, though.

Overall, I really liked the product. We are evaluating the Still Secure IPS product now.

------------------------------------
Jim Conner | Systems Administrator
310.209.5487 | http://www.lrn.com
LRN -- The Legal Knowledge Network

-----Original Message-----
From: JGrimshaw () ASAP com [mailto:JGrimshaw () ASAP com]
Sent: Tuesday, March 09, 2004 7:00 AM
Cc: security-basics () securityfocus com
Subject: RE: Recommending an IDS system

Does anyone have any insight into the Sourcefire products? They are Linux appliances based on the Snort system.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------