RE: Should I buy IDS ? [7:36053]

2002-02-21 Thread Maccubbin, Duncan

For that small of a network SNORT would be fine and it costs quite a bit
less.

-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 21, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: Should I buy IDS ? [7:36053]

I am administrating a network of about 500 computers, 30 servers, and
something like 70 WAN locations.

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I really need something to sell the idea to the management.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36055&t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Should I buy IDS ? [7:36053]

2002-02-21 Thread Tel Khan

Hi,

Where can I obtain information on SNORT?


Thanks in advance

Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36057&t=36053



Re: Should I buy IDS ? [7:36053]

2002-02-21 Thread Patrick Ramsey

Well...it depends on how secure you want your network!

The size is completely irrelevant... if you own a medical practice with
patient data floating around your network and you only have 10 computers,
with 4 of them offering some type of internet service through the
firewall, etc. etc... then I would say yes...ids is important... if you own
jokenetwork.com and you have 50,000 machines trading jokes all day, are you
worried about somebody stealing your jokes? probably not...

If you do decide to implement some type of ids, look at http://www.lids.org/

remember signature based ids are signature based ids regardless of company
and price as long as you have a constant way to update signatures, you
should be fine.  To supplement your signature based design, though check out
www.lancope.com ...They have an AWESOME supplement to signature based
systems.  Even though their box will trigger on some signature based
attacks, it is not meant to trigger on them as soon as they happen...  This
is why I say it is a supplement and not a complete kit.

Of course...a good security policy would help you decide on what you need! 
:)

http://www.sans.org/newlook/resources/policies/policies.htm#template 

-Patrick

ps. if you run tons of data through your internet connection (45mb plus) or
your ids is from backbone to backbone, I would stay away from LIDS unless
you have a BADA$$ machine to run it on...  :)

>>> "Arni V. Skarphedinsson"  02/21/02 09:32AM >>>
I am administrating a network of about 500 computers, 30 servers, and
something like 70 WAN locations.

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I really need something to sell the idea to the management.
>>>>>>>>>>>>>  Confidentiality Disclaimer   <<<<<<<<<<<<<<<<
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36058&t=36053



RE: Should I buy IDS ? [7:36053]

2002-02-21 Thread Patrick Ramsey

www.snort.org 

and remember

www.lids.org 

:)  Install lids then snort... (unless you are planning on running snort on
a microsoft platform!  :)  (but that kinda defeats the purpose of security...)

>>> "Tel Khan"  02/21/02 10:12AM >>>
Hi,

Where can I obtain information on SNORT?


Thanks in advance

Tel






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36063&t=36053



RE: Should I buy IDS ? [7:36053]

2002-02-21 Thread Tel Khan

Hi Patrick,


Thanks for the urls

Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36064&t=36053



RE: Should I buy IDS ? [7:36053]

2002-02-21 Thread Irwin Lazar

Before you go for a solution you need to understand the requirements.  What
is the threat from attack?  What can be lost?  What is the impact on the
business?

If you can demonstrate sufficient requirements for an IDS, selling a
solution to management should be easy.

Irwin

-- 
Irwin Lazar
Senior Consultant and Practice Manager, Burton Group 
www.burtongroup.com   
[EMAIL PROTECTED]  
Office: 703-742-9659  
Cell: 703-402-4119 
"DrivingNetworkEvolution"


-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: Should I buy IDS ? [7:36053]


I am administrating a network of about 500 computers, 30 servers, and
something like 70 WAN locations.

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I really need something to sell the idea to the management.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36066&t=36053



RE: Should I buy IDS ? [7:36053]

2002-02-21 Thread Ken Diliberto


Ken

>>> "Tel Khan"  02/21/02 09:12AM >>>
Hi,

Where can I obtain information on SNORT?


Thanks in advance

Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36072&t=36053



RE: Should I buy IDS ? [7:36053]

2002-02-21 Thread Irwin Lazar

There is another public domain IDS at http://www.icir.org/vern/bro-info.html

It is also worth checking out http://www.networkintrusion.co.uk/ids.htm for
a detailed list of IDSs

irwin


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: Should I buy IDS ? [7:36053]


www.snort.org 

and remember

www.lids.org 

:)  Install lids then snort... (unless you are planning on running snort on
a microsoft platform!  :)  (but that kinda defeats the purpose of
security...)

>>> "Tel Khan"  02/21/02 10:12AM >>>
Hi,

Where can I obtain information on SNORT?


Thanks in advance

Tel






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36078&t=36053



RE: Should I buy IDS ? [7:36053]

2002-02-22 Thread Kent Hundley

IMO, there is no reason for any organization connected to the Internet not
to run IDS.  There is an increasing trend in the security arena away from
formal risk analysis/cost benefit methodologies towards one of implementing
"best practices".  There are several reasons for this:

1) Formal risk analysis methodologies generally take a long time and cost a
lot of money.  There are abbreviated versions of the process, but it's still
a significant effort to do these correctly.

2) In the end, the effort may not be all that helpful.  The problem is that
a risk analysis is based on cost/benefit numbers that don't really map to
hackers and vandals.  You may not consider your web server to be worth much
since it has only public data, but it may be very valuable to someone who
can use it to attack other sites.  Also, it is nearly impossible to weigh
the risk of a loss of customer confidence in your company.  If your site is
publicly compromised, it doesn't matter much whether companies do financial
transactions through your web-site or not, they probably will have a very
dim view of your organization if you can't keep your web site secure.

3) There are efforts underway to formalize best practices for security for
anyone connected to the Internet. (for example, see
http://www.cisecurity.org/)  It is logical to assume that as these efforts
become widespread, a company may very well be held financially responsible
if they do not follow these practices under traditional business standards
of "due care".  If your site is compromised and is used to compromise other
sites, it is likely you will be sued and lose.  If your site becomes a warez
site, software companies may sue you for supporting piracy, and you will
lose.  There is simply too much information on good security practices and
too many open source tools that can be deployed for almost zero cost for any
organization to continue to claim ignorance or budget as an excuse for not
implementing basic security measures.

Given this, the question is not "should someone deploy IDS",  the question
is "what IDS should we deploy".  Snort is an excellent choice for the cost
and has a sizable installed base of admins to help newbies.  If budget
permits, there are lots of decent products to choose from and one can
certainly mix and match open source with commercial tools to suit almost any
budget.

Regards,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Ramsey
Sent: Thursday, February 21, 2002 7:15 AM
To: [EMAIL PROTECTED]
Subject: Re: Should I buy IDS ? [7:36053]


Well...it depends on how secure you want your network!

The size is completely irrelevant... if you own a medical practice with
patient data floating around your network and you only have 10 computers,
with 4 of them offering some type of internet service through the
firewall, etc. etc... then I would say yes...ids is important... if you own
jokenetwork.com and you have 50,000 machines trading jokes all day, are you
worried about somebody stealing your jokes? probably not...

If you do decide to implement some type of ids, look at http://www.lids.org/

remember signature based ids are signature based ids regardless of company
and price as long as you have a constant way to update signatures, you
should be fine.  To supplement your signature based design, though check out
www.lancope.com ...They have an AWESOME supplement to signature based
systems.  Even though their box will trigger on some signature based
attacks, it is not meant to trigger on them as soon as they happen...  This
is why I say it is a supplement and not a complete kit.

Of course...a good security policy would help you decide on what you need!
:)

http://www.sans.org/newlook/resources/policies/policies.htm#template

-Patrick

ps. if you run tons of data through your internet connection (45mb plus) or
your ids is from backbone to backbone, I would stay away from LIDS unless
you have a BADA$$ machine to run it on...  :)

>>> "Arni V. Skarphedinsson"  02/21/02 09:32AM >>>
I am administrating a network of about 500 computers, 30 servers, and
something like 70 WAN locations.

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I really need something to sell the idea to the management.

RE: Should I buy IDS ? [7:36053]

2002-02-25 Thread Jeff

Actually I'm not a big fan of LIDS, I much prefer grsecurity.
It's got some really nice features and it's better maintained on a lot of
things.

www.grsecurity.net


-jeff



On Thu, 21 Feb 2002, Patrick Ramsey wrote:

> www.snort.org
>
> and remember
>
> www.lids.org
>
> :)  Install lids then snort... (unless you are planning on running snort on
> a microsoft platform!  :)  (but that kinda defeats the purpose of
> security...)
>
> >>> "Tel Khan"  02/21/02 10:12AM >>>
> Hi,
>
> Where can I obtain information on SNORT?
>
>
> Thanks in advance
>
> Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36460&t=36053