Subject: Best Intrusion Detection System IDS -Security Experts Welcome
Category: Computers > Security
Asked by: npriority-ga
List Price: $10.00
Posted: 17 Dec 2002 01:48 PST
Expires: 16 Jan 2003 01:48 PST
Question ID: 125895
Hi Folks,

First time poster. I am a network consultant and wish to provide my clients with an IDS solution. I have done some research and would like to know what method should be used: host-based IDS, a stand-alone server for the IDS solution, or both. This system should also update its rules by itself, have good reports to show off to management and, most important, be easy to manage. I have been looking at StillSecure and Snort but want to know what the security experts think. My clients are also 25-150 users, so the budget should be under 8K.

Thanks in advance.
Subject: Re: Best Intrusion Detection System IDS -Security Experts Welcome
Answered By: webadept-ga on 17 Dec 2002 10:45 PST
Hi,

Personally I'm a big fan of appliance over software systems. Keeping the scans off the main server has advantages in performance and security. Cisco's Secure IDS and ISS's RealSecure are rather good at this.

Here is a review of those systems
http://www.nwfusion.com/reviews/2000/1218rev2.html

An article
http://www.nwfusion.com/news/2002/0701ids.html

Unfortunately all of the systems have their problems, which brings me back to Snort more often than not. Though it's not fancy looking and the reports aren't as spiffy (is that a real word?), the detection is probably the best out there at any cost and is constantly updated and reviewed by SO's all over the world. With that type of security, writing a few Perl scripts to make the reports look fancy is a small price to pay. Most of the time when a group of IDS packages are tested for a review, SNORT is up there in the 1st or 2nd slot, much to the high-priced systems' chagrin. More often these days the higher priced appliances are using the source code of SNORT in their software.

Just between you and me, the only time I don't use Snort with a client is when the client can't get around the brand name, big company, factor and just has to purchase something expensive to talk about at the gold club. Then I get him the Cisco.

Links

http://www.mcpmag.com/Features/article.asp?EditorialsID=294
Snort top, all others commended
  NetProwler 3.5.1
  RealSecure 6.5
  Dragon 5.0.2
  Snort 1.8.7b121 with Analysis Console for Intrusion Detection 0.96b21

http://www.nss.co.uk/ids/edition3/index.htm
review without authored conclusion. RealSecure top for detection
  Cisco Secure IDS 4230
  ISS RealSecure 7.0
  Snort 1.8.6
  Entercept 2.5
  NFR HID 2.0
  Okena StormWatch 2.1

http://osec.neohapsis.com/results/
pure testing results - no conclusions.
  ISS RealSecure 7.0 - Last Revision: Aug. 23, 2002
  IntruVert Intrushield 0.97.12 - Last Revision: Aug. 23, 2002
  Intrusion, Inc. - Testing in progress.
  SourceFire - Scheduling in progress.
  NFR - Not Scheduled
  Cisco Systems - Not Scheduled
  Enterasys Networks - Not Scheduled
  OneSecure/Netscreen - Not Scheduled
  Tippingpoint - Not Scheduled

http://www.networkcomputing.com/1307/1307f2.html
review of IDS management tools
  netForensics netForensics 2.3
  GuardedNet neuSecure 1.5
  Intellitactics Network Security Manager 3.3
  e-Security e-Sentinel 3.1
  Enterasys Networks Dragon Squire
  IBM Corp. Tivoli Risk Manager 3.8

Intrusion Detection FAQ
http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm

The integrity checker tools include tripwire
ftp://coast.cs.purdue.edu/pub/tools/unix

Snort (Probably the best system out there at any cost)
http://www.snort.org/

SecureHQ - Intrusion Detection Reviews
https://www.securehq.com/shqreview.wml&sessionid=200211323492516678&superdeptid=10

Test Centre prod 1
http://www.scmagazine.com/scmagazine/2000_06/testc/prod1.html

Intrusion Detection products grow up
http://www.nwfusion.com/reviews/2001/1008rev.html

Intrusion Detection Software (IDS) Product Comparisons
http://www.esecuredb.us/dscgi/ds.py/View/Collection-612

Queries: IDS +security Intrusion detection system IDS security intrusion detection +reviews Cisco Secure IDS and ISS's RealSecure SNORT IDS +Review +2002

thanks,

webadept-ga
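The answer above mentions writing a few scripts to turn Snort's output into management-friendly reports. As an added illustration (not code from the answerer or the Snort project), this Python script, used here in place of the Perl the answer names, summarizes alerts laid out like Snort's "fast" alert log. The sample lines are constructed, and the field layout the regular expression expects is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed layout of Snort's "fast" alert output.
SAMPLE_ALERTS = """\
12/17-10:45:01.123456  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:1034 -> 10.0.0.5:80
12/17-10:45:03.000100  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:1035 -> 10.0.0.5:80
12/17-11:02:44.500000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.7 -> 10.0.0.5
12/17-11:30:12.250000  [**] [1:620:2] SCAN Proxy (8080) attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:4021 -> 10.0.0.9:8080
this line is truncated [**] and must be counted as unparsed
"""

# The [gid:sid:rev], Classification and Priority tags are optional; ports are absent for ICMP.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"(?:\[(?P<sid>\d+:\d+:\d+)\]\s+)?(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: (?P<cls>[^\]]+)\]\s+)?"
    r"(?:\[Priority: (?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

def summarize(text):
    """Aggregate alerts by signature, priority and source; count lines that do not parse."""
    by_sig, by_prio, by_src, unparsed = Counter(), Counter(), Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        if m is None:
            unparsed += 1  # report the gap instead of silently dropping the line
            continue
        by_sig[m["msg"]] += 1
        by_prio[int(m["prio"] or 0)] += 1  # 0 means the priority tag was absent
        by_src[m["src"]] += 1
    return {"signatures": by_sig, "priorities": by_prio, "sources": by_src, "unparsed": unparsed}

def render(summary, top=5):
    """Plain-text report: priority totals first, then top signatures and sources."""
    out = ["Alerts by priority (1 = most severe):"]
    out += [f"  priority {p}: {n}" for p, n in sorted(summary["priorities"].items())]
    out.append("Top signatures:")
    out += [f"  {n:4d}  {sig}" for sig, n in summary["signatures"].most_common(top)]
    out.append("Top source addresses:")
    out += [f"  {n:4d}  {src}" for src, n in summary["sources"].most_common(top)]
    out.append(f"Unparsed lines: {summary['unparsed']}")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(summarize(SAMPLE_ALERTS)))
```

The unparsed-line count belongs in the report itself: a log format change that breaks the parser would otherwise show up only as a quieter week.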
npriority-ga rated this answer:
Thanks WEBADEPT, this is a good head start in the right direction. For a GUI I found IDS Center. I don't know if you came across that one before.
Subject: Re: Best Intrusion Detection System IDS -Security Experts Welcome
From: rpt-ga on 17 Dec 2002 07:00 PST
Under that budget, something like Snort, Tripwire and some scripting will do the work. For a full-fledged N & HIDS I advise Dragon, from Enterasys. Nice, simple, performant, Unix based, scriptable, updatable (console), exports data in various formats, nice interface, building and importing signatures, the works.