IDS mailing list archives
RE: Network IDS
From: "Fergus Brooks" <fergusb () evolve-online com>
Date: Wed, 20 Aug 2003 12:04:04 +0800
Big brother is watching so I'll be careful. I have had a fair amount of exposure to the Symantec Gateway Security boxes and can offer a few comments.

The SGS is a combination of Raptor firewall (Symantec Enterprise Firewall), gateway AV scanner and signature-based Network IDS with some content filtering as well. It runs on hardened Linux but is sold as an appliance - there is a VT100 terminal as part of the console, and though you shouldn't have to access that, advanced troubleshooting may require access to the operating system.

Unfortunately I have found the IDS to be fairly token. I believe there are only around 1000 sigs and the updates are not that frequent. It is certainly not in the league of Symantec's own enterprise NIDS Manhunt. It really is a value add to the Raptor firewall, which is an excellent application-layer firewall, and also the Norton gateway AV is top notch.

I do think it is a great solution for smaller size businesses - it is certainly very easy to manage and configure. I have heard there are some enterprise-capable boxes on the way. They also ship with Rainwall clustering/HA (at an extra cost of course!) so they can scale etc.

So in summary if you are *only looking for an IDS* then the SGS is not for you. It is a good all-in-one solution. I don't know too much about Windows IDS systems so I'll leave the recommendations to others on this list.

Rgds...

-----Original Message-----
From: Duston Sickler [mailto:dustons () charter net]
Sent: Saturday, 16 August 2003 11:48 PM
To: focus-ids () securityfocus com
Subject: Network IDS

Hello,

I would like to thank in advance everyone who is out of the office. I really do like to hear about it.

The Network Administrator for the company I work for has charged me to locate a Network Intrusion Detection System. We do have a monitored firewall between us and the outside world. We need something to protect our servers from anyone coming from the inside.

We have about 20 Windows 2000 Servers, 5 NT 4 Servers, and 250 Windows 2000/Thin Net workstations. We live in a 100% Windows world and the powers that be will not be receptive to any *nix solutions. We are more than willing to pay for a top of the line product as long as it is in fact top of the line.

Currently I have been looking at the Symantec Gateway Device. We like the idea of a stand alone piece of hardware. The only problem is we already have a gateway server washing our email of viruses and 99% of Spam.

Does anyone have any comments on the Symantec Gateway device? We have had excellent experiences with their Gateway software and NAV Corp. Does anyone have a different or better device that they could point me towards?

I would like to thank everyone who replies to this post. I have learned a great deal being on this list the last year and will continue to appreciate all the expertise that is freely given here.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."