nanog mailing list archives
Re: Intrusion Detection recommendations
From: Jimmy Hess <mysidia () gmail com>
Date: Fri, 13 Feb 2015 21:50:44 -0600
On Fri, Feb 13, 2015 at 11:40 AM, Andy Ringsmuth <andy () newslink com> wrote:
> NANOG'ers, I've been tasked by our company president to learn about, investigate and recommend an intrusion detection system for our company.

An important thing to realize is that an Intrusion Detection System is not a "product" you can buy. And if your org. is 100 people, you should probably think about engaging some professional security services firms to help, starting with a basic Info. security and physical security audit from an independent third party.

An intrusion detection system consists of an infrastructure stack containing vigilant dedicated human beings, devices, various software for instrumenting the network in different ways and analyzing collected data, documentation, business, and security processes within the organization.

Without enough of all those pieces, there are plenty of off-the-shelf IPS offerings, BUT using one could very well instill a false sense of security, because you have no idea if the product is actually doing a good job at what it is supposed to do, and not just presenting a "perception" of security mostly by tackling just whatever bugs or malware is appearing in the news headlines of the day.

Also, there is the matter of being equipped with suitable analysis and response plans to be prepared for the time that the IDS alarm actually goes off, and to be able to determine if it's actually legitimately a false alarm, something meriting investigation, or if it represents an emergency.

> We're a smaller outfit, less than 100 employees, entirely Apple-based. Macs, iPhones, some Mac Mini servers, etc.

[snip]

--
-JH