Well...it depends on how secure you want your network! The size is completely irrelevant... if you own a medical practice with patient data floating around your network and you only have 10 computers, with 4 of them offering some type of internet service through the firewal,etc etc... then I would say yes...ids is important... if you own jokenetwork.com and you have 50,000 machines trading jokes all day, are you worried about sombody stealing your jokes? probably not...
If you do decide to implement some type of ids, look at http://www.lids.org/ remember signature based ids are signature based ids regardless of company and price.... as long as you have a constant way to update signatures, you should be fine. To supplement your signature based design, though check out www.lancope.com ...They have an AWESOME supplement to signature based systems. Even though there box will trigger on some signature based attacks, it is not meant to trigger on them as soon as they happen....This is why I say it is a supplement and not a complete kit. Of course...a good security policy would help you decide on what you need! :) http://www.sans.org/newlook/resources/policies/policies.htm#template -Patrick ps. if you run tons of data through your internet connection (45mb plus) or your ids is from backbone to backbone, I would stay away from LIDS unless you have a BADA$$ machine to run it on... :) >>> "Arni V. Skarphedinsson" 02/21/02 09:32AM >>> I am administrating a network of about 500 computers, 30 servers, and somthink like 70 WAN locations, I have been thinking about the Cisco IDS system, anyone have any good reasons to use one, have you used it, and has it detected much intrusion. I realy need somthing to sell the ides to the managment. >>>>>>>>>>>>> Confidentiality Disclaimer <<<<<<<<<<<<<<<< This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. ("WellStar") and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. ================================================================ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36058&t=36053 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]