Sean Young wrote:
> 
> I have a few suggestions for you:
> 
> 1) get rid of Microsoft windows servers and Sun Solaris; 
> Use only NetBSD and software that are open-source,

This is the most ignorant suggestion I have ever seen.  How many 
times will it have to be repeated before it gets through...  OS's
aren't secure.  None of them.  Proper administration, among other
things, makes them more secure, but nothing is ever totally secure.

Anyone who thinks otherwise is a fool.  And furthermore, I wish 
everyone would stop thumping their chests about *BSD and how
wonderfully secure it is...

> 
> 2) Replace Cisco routers with Juniper routers,

Do you actually think this makes sense?  

> 
> 3) For IDS software, I strongly recommend Man-Trap and Man-Hunt.  If you
> are just a cheap-skate like me, Tripwire is a pretty solution too.

Tripwire (or AIDE, take your pick) is not an IDS solution.  It is 
a file integrity checker.  It will not detect an intrusion, it detects
the consequences of an intrusion, specifically the modification of 
files.  For a network IDS, I think the general consensus is that 
SNORT is tops.  For a host based IDS... well, I use commercial ones,
so I really have no opinion.  

And to the OP... to be specifically technical, an IDS does nothing
to assist your security.  It allows you a greater incident response 
capability.  (and anyone who mentions things like dynamic ACL updates
and router shunning, etc...  Show me a network that does this, I'd 
love to see one.)  

Maybe one day someone will release an IPS (intrusion prevention system)
but until then, we can only react.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4635&t=4610