Re: [FW-1] Tim Anderson
Hi,

Suggestions: Depends upon the approach you wish to use.

1. Use a Nokia box bundled with RealSecure in case you are concerned about bandwidth issues. X-Force is very active in security and the signature updates (X-Press update service) are extremely reliable. There is no substitute for this brilliant combination.

2. You can also go for a Netranger box if much of the equipment at your site is Cisco equipment.

Snort is a lightweight IDS and cannot replace the mighty ones like RealSecure and Netranger. You may place it on your internal network so that you can define your own rules while saving on the cost of buying another IDS license for the internal network. Do not rely on it for mission-critical servers/networks.

Sensor placement: Depends what kind of a business you have. How important it is for you to thwart inside attacks in addition to the outside intruders.

The sensor placement issue is critical in that it is important for you to understand that sensors placed on a HOT DMZ will definitely let you show management the various kinds of attacks received while assisting you in your endeavor to secure your assets, ameliorate network security policies and, most important of all, increase the perceived risk of discovery.

Insiders have been known to cause as much or even more damage (because of elevated privileges) in comparison to outside intruders, and it would become necessary for you to place a sensor on critical network segments. You could use RealSecure Server sensor on critical hosts in your network.

A judicious combination of host-based and network-based IDS systems along with a flawless design will let you thwart most of the attacks orchestrated on your network.

Regards,
Andy

From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Tim Anderson
Sent: Thursday, 29 November 2001 18:16
To: [email protected]
Subject: [FW-1] Best IDS??

We have budget to purchase an IDS and would like to get suggestions from you fine folks.

We are looking at SNORT since it is free (except for the equipment costs) and ISS Real Secure. We are open to other suggestions as well.

Also, where do you guys have your sensors? We were thinking that having one on the DMZ is probably enough but we want some input from others before we decide.

Thanks!
Tim Anderson