
A decent intrusion detection system.

Posted by concept, 08-25-2008, 01:40 PM
We are looking for an IDS system to play with at work, and eventually take live if we get the clearance. We have been looking at different setups. Does anyone have thoughts on the pros/cons of boxes that just monitor traffic, or ones that just monitor server logs? We have probably 15-20 machines we would want to try this out with. Some are Windows 2003 AD servers and Exchange 2007; others are Xserves running 10.4.x and 10.5.x. We have been looking into things like Snort and the Cisco MARS box. But at this time we think it would be an easier sell to stick on the cheap/free side and not go hardware based, until we can show that this will be something worthwhile. Does anyone have suggestions on what we should use, or a program that is like the standard? Thanks,

Posted by andrewk, 08-25-2008, 01:48 PM
snort.org

Posted by jseymour, 08-25-2008, 02:12 PM
OSSEC HIDS. ossec.net

Posted by TheITAdvisory, 08-25-2008, 03:23 PM
Snort, tcpdump, maybe honeyd, and a good log file backup script.

Posted by pmabraham, 08-25-2008, 03:43 PM
Greetings: Ditto on ossec and snort. Thank you.

Posted by chrda, 08-26-2008, 12:56 AM
I can recommend OSSEC. Only tested it as standalone for now, but it works very well! Easy to remove false alerts.

Posted by prashant1979, 08-26-2008, 05:01 AM
How about Tipping Point? Anybody used it previously?

Posted by mgphoto, 08-26-2008, 09:15 AM
We have the Tipping Point system as part of our security. It is excellent, but like all security devices it is not a set-and-forget piece of equipment. You must take the time to learn the device and rule sets. Contrary to what all the IDS/IPS vendors state, they all only stop about 50%-70% of the DDoS type of attacks. I do recommend their products though, and their support has been excellent. PS: Network security is multitiered and needs to start at the individual server level.

Posted by JBapt, 08-27-2008, 06:51 PM
Use OSSEC! Most definitely! Install an OSSEC server and install the OSSEC probes where needed. It's been perfect for all of our server maintenance and auditing needs.


