Re: Need recommendations about IDS Systems

From: Talisker <offthecuff(at)lineone.net>
Date: Wed Jan 29 2003 - 14:04:15 EST

Hi Jenn

You mention having an IDS on your DMZ and perimeter, it may be worth having one on the inside also depending on your budget and network topology.

As to selection, take your time and evaluate the contenders fully before you make a final decision. Most of them have some really good features and failings. It would take a far better man than I to suggest a particular IDS that would suit your network based on what you have said. Snort is mentioned and it is a phenomenal beastie but no IDS is really free, they take a great deal of TLC in the form of tuning and management. I built my website when I was in exactly the same boat as you, it started as just a list of every IDS available, I then reduced the list to around 4 that suited my network, then tested them extensively. They do vary greatly, but it's great fun playing with them and understanding what you want from an IDS. My pet hate at the moment is how they report events and whether there is sufficient information for an analyst to understand what they are dealing with.
http://www.networkintrusion.co.uk/N_ids.htm
On my website I have a few salient details with links to the sites on:

BlackIce Guard (ISS)
BlackIce Sentry (ISS)
BorderGuard
CaptIO
Cisco Secure IDS
CyberTrace
Defense Worx IDS
Dragon
E-Trust IDS
Hogwash
IntruShield
Manhunt
Netprowler
Network Flight Recorder
Netranger
NID/JID
nPatrol
OneSecure IDP
Sourcefire
RealSecure Network Sensor
RealSecure Guard
RealSecure Sentry
SecureNet Pro
Sessionwall3
SHADOW
Shoki
Sentrus
Snort
StealthWatch
Tamandua

Hope this helps
take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----

From: "Jennifer Fountain" <JFountain@rbinc.com>
To: <security-basics@securityfocus.com>
Sent: Friday, January 24, 2003 7:44 PM
Subject: Need recommendations about IDS Systems

I have been looking at a couple IDS systems and reading reviews. My head hurts :) Any recommendations? I want something to sit inside my network, in the DMZ and outside. I want it to also email me and send information to my syslog server. OS doesn't matter. I can do nt or linux.
thanks!

Thank you
Jenn Fountain

Received on Wed Jan 29 19:53:54 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:39 EDT