Security Basics mailing list archives
RE: Recommending an IDS system
From: "Josh Mills" <JMills () cnbwaco com>
Date: Tue, 2 Mar 2004 14:19:33 -0600
Actually I think you're wrong; the newest sensor we just received runs on Red Hat. The one we replaced ran on Solaris, but that is old technology now. The Cisco box does a very good job of applying shuns and resetting connections if you are using a Cisco router and/or firewall.

-----Original Message-----
From: Daniel Cid [mailto:danielcid () yahoo com br]
Sent: Tuesday, March 02, 2004 1:35 PM
To: Josh Mills; Reza Kordi; Andy Cuff; security-basics () securityfocus com
Subject: RE: Recommending an IDS system

Just correcting: the Cisco IDS sensors run on Solaris, and an advantage over Snort (the open source one) is the possibility to apply a shun (to block traffic), and it's much easier to view/analyze the logs...

Daniel B. Cid

--- Josh Mills <JMills () cnbwaco com> wrote:

> I have implemented a new Cisco IDS solution and I am very pleased with it! The signatures are highly tunable for a commercial package and it seems to be pretty stable. The sensor itself runs on Red Hat, so maybe it isn't that much different than Snort.

-----Original Message-----
From: Reza Kordi [mailto:rk () 4unet net]
Sent: Monday, March 01, 2004 2:03 PM
To: 'Andy Cuff'; security-basics () securityfocus com
Subject: RE: Recommending an IDS system

Hi Andy,

How good can vendor-independent IDS solutions (especially open source) work in an enterprise Cisco-based network? What do you think about Cisco IDS solutions?

Best Regards
Reza Kordi

-----Original Message-----
From: Andy Cuff [mailto:lists () securitywizardry com]
Sent: Saturday, 28 February 2004 11:21
To: Matthew MacAulay; security-basics () securityfocus com
Subject: Re: Recommending an IDS system
Importance: Low

Hi Mat,

I was faced with the same dilemma some years back; my site below details the various technologies you can bring to bear. I also wrote an article for SecurityFocus regarding deploying IDS from a vendor-neutral standpoint:
http://www.securityfocus.com/infocus/1754

I'd suggest starting simply and building up, but always keep the defence-in-depth end goal in sight. Also, don't forget that in addition to detecting attacks you have to react to them also. If you need further advice offlist, don't hesitate to ask.

Finally, if you go down the Network IPS route there are two main varieties: rate-based and content-based. I refer to the former as Attack Mitigation Systems; they fill an important role but IMHO are not IPS. Ideally you should have both varieties. There are some products that claim to do both, but .....

take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com

----- Original Message -----
From: "Matthew MacAulay" <matthew.macaulay () cobweb co uk>
To: <security-basics () securityfocus com>
Sent: Thursday, February 26, 2004 12:36 PM
Subject: Recommending an IDS system

Hello,

I have been tasked with looking at and recommending an IDS system for my company. I have been looking at open source products (Snort), which seems to be a very good system with a lot of community support.

My problem is we are an ASP. We want connections to be able to reach our systems for the services we provide. I want to be able to monitor over 100 internet-facing servers (behind firewalls and load balancers) and alert / and possibly block non-normal traffic / detected attack signatures.

After doing some reading into different methods, IDS v IPS, host v network, I favour a combination. We have at any one time up to 50,000 concurrent connections to our systems, so I have a problem of scale. One Snort box is just not going to cut it!

Looking at how I can "tap" into the network traffic has been partially solved by using IDS VLANs, which is supported by our switch hardware (Nortel 8600). So an IDS VLAN could be set up for each of our existing VLANs and a couple of load-balanced IDS boxes per IDS VLAN to alert to a central server to produce reports / alert / wake people up.... Sounds great.

Though I have not looked at it in as much detail as network-based IDS, I expect I can get a host-based IDS to also alert (SNMP or whatever) to a central server to again produce reports / alerts / wake people up.

I am interested to hear what systems you use to do IDS / IPS. Do you have in place IDS systems for platforms of a larger or similar scale? I would like to hear from people who have faced similar challenges.

Questions I keep asking myself:

Am I trying to do too much, should I just concentrate on host-based IDS?
Is network-based IDS the right way to go? Or am I right in trying to do both?
Should I be using an open source product to do ID? Are there commercial products which can do what I want?

Your thoughts, recommendations and pointers to further reading are welcome.

Regards,
Mat.
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
=== message truncated ===
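Andy Cuff's split of network IPS into rate-based and content-based varieties, and Josh Mills' point that a sensor reacts by applying shuns and resetting connections, can be made concrete in code. The following is an added example written for this archive page, not code from Cisco IDS, Snort or any other product named in the thread: a toy detector that runs both kinds of check over constructed sample traffic. The signatures, the one-second window, the threshold of 20 connections and the addresses are all invented for illustration.

```python
"""Toy content-based vs rate-based network IPS, run over constructed events.

Added example for this thread, not code from Cisco IDS, Snort or any other
product mentioned above. The signatures, thresholds and traffic are all
made up for illustration.
"""
from collections import defaultdict, deque
import re

# Constructed sample traffic: (timestamp_s, src_ip, dst_port, payload).
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", 80, "GET /index.html HTTP/1.1"),
    (0.5, "198.51.100.7", 80, "GET /cgi-bin/test.cgi?f=../../etc/passwd HTTP/1.1"),
    (1.0, "192.0.2.44", 80, "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.1"),
]
# One source opening 25 connections in half a second, with no hostile payload.
SAMPLE_EVENTS += [(2.0 + 0.02 * i, "203.0.113.9", 80, "") for i in range(25)]

# Hypothetical content signatures, loosely in the style of Snort rule messages.
SIGNATURES = [
    ("WEB-ATTACK directory traversal", re.compile(r"\.\./\.\./")),
    ("WEB-ATTACK cmd.exe access", re.compile(r"cmd\.exe", re.IGNORECASE)),
]

RATE_WINDOW = 1.0    # seconds of history kept per source
RATE_THRESHOLD = 20  # more connections than this per window triggers a shun


class Detector:
    def __init__(self, window=RATE_WINDOW, threshold=RATE_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.history = defaultdict(deque)  # src_ip -> recent timestamps
        self.shunned = set()

    def process(self, event):
        """Return the list of (action, src_ip, reason) decisions for one event.

        "reset" models a content-based sensor tearing down one offending
        session with TCP RSTs; "shun" models the rate-based response of
        blocking the source on the router/firewall for a while; "drop" is
        what happens to later traffic from a shunned source.
        """
        ts, src, _dport, payload = event
        if src in self.shunned:
            return [("drop", src, "source already shunned")]
        actions = []

        # Content-based: match the payload against each signature.
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                actions.append(("reset", src, name))

        # Rate-based: count connections from this source inside the window.
        recent = self.history[src]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) > self.threshold:
            # Caveat: many legitimate clients share one address behind NAT
            # or a load balancer, so a blanket shun can block real users.
            self.shunned.add(src)
            actions.append(("shun", src, f"{len(recent)} conns in {self.window}s"))
        return actions


def run(events, window=RATE_WINDOW, threshold=RATE_THRESHOLD):
    """Feed events through one Detector in time order; return all decisions."""
    detector = Detector(window, threshold)
    decisions = []
    for event in sorted(events):
        decisions.extend(detector.process(event))
    return decisions


if __name__ == "__main__":
    for action, src, reason in run(SAMPLE_EVENTS):
        print(f"{action:5s} {src:15s} {reason}")
```

Running it shows the two reactions side by side: the two requests with hostile content get a per-session reset regardless of how slowly they arrive, while the burst from 203.0.113.9 carries nothing a signature would catch and is only stopped by the rate check, after which everything from that address is dropped. The comment on the shun branch is the caveat a practitioner should keep in mind for the ASP setup described above, where one address in front of a load balancer or NAT may represent many real customers.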
Current thread:
- Re: Recommending an IDS system Andy Cuff (Mar 01)
- RE: Recommending an IDS system Reza Kordi (Mar 01)
- <Possible follow-ups>
- RE: Recommending an IDS system Josh Mills (Mar 02)
- RE: Recommending an IDS system Daniel Cid (Mar 03)
- RE: Recommending an IDS system AJ Butcher, Information Systems and Computing (Mar 04)
- RE: Recommending an IDS system AJ Butcher, Information Systems and Computing (Mar 03)
- RE: Recommending an IDS system Daniel Cid (Mar 03)
- RE: Recommending an IDS system Dave Gonsalves (Mar 02)
- RE: Recommending an IDS system Buyer Jr, David (Mar 02)
- RE: Recommending an IDS system Josh Mills (Mar 03)
- RE: Recommending an IDS system Hoang, Binh P,,DMDCWEST (Mar 03)
- RE: Recommending an IDS system Buyer Jr, David (Mar 03)
- RE: Recommending an IDS system Josh Mills (Mar 03)
- RE: Recommending an IDS system Fields, James (Mar 03)
- RE: Recommending an IDS system Josh Mills (Mar 03)
- Re: Recommending an IDS system Bhargav Bhikkaji (Mar 04)
- Re: Recommending an IDS system Bob Radvanovsky (Mar 04)
- Re: Recommending an IDS system Karsten Iwen (Mar 08)
- RE: Recommending an IDS system Fields, James (Mar 04)
- RE: Recommending an IDS system Fields, James (Mar 04)
(Thread continues...)