Rob,

IDS products vary considerably.  There are host based products like Tripwire and TCP wrappers.  And there are network based products like Network Flight Recorder and NetRanger.  There are also alarm and trap type products that can be used in conjunction with control devices like your PIX firewall or routers.

Generally speaking, the closer the IDS is to the activity you want to monitor, the more effective it is.  In other words, a host based IDS is better at detecting an attack against the host than a network based IDS that is watching for host attack packets.  IDS code built into your Web applications is better at detecting Web server attacks than host based IDS.

If you are talking about host based IDS products for the NT operating system, there are several available, although I only have experience with Tripwire, which I highly recommend.  There are several event log monitors out there; perhaps some of the other list members can make some recommendations on those products.

If you are looking at network based IDS products then finding one that is effective running on the NT platform may prove to be a challenge.  The I/O and processing requirements for real time IDS are difficult to achieve under UNIX.

-- Bill Stackpole, CISSP



"Rob Serfozo" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

08/03/00 07:25 AM

       
        To:        "Firewalls LIST" <[EMAIL PROTECTED]>
        cc:        
        Subject:        Intrusion Detection


We are investigating the installation of Intrusion Detection software.
Wondering if the list had any opinions good or bad towards any product.  We
are hoping to be able to run on a Windows platform.  We are currently using
a PIX firewall.

Thanks,
Rob Serfozo
