>From: Jonathan Roberts [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, May 30, 2002 12:49 PM
>To: [EMAIL PROTECTED]
>Subject: windows 2000 Intrustion Detection
>
>Could someone just outright come out and tell me what the best package
>for intrusion detection is for a windows 2000 box.

I'm sure this will sound like a smart-a$$ reply but the answer to that is "no". Not, "no, I won't tell you." It's more like, "no, nobody can tell you that." It doesn't work that way. While there are certainly some systems that are better than others, no one IDS package is going to be "the best".

I have about thirteen years' experience managing networks but I am still in the infancy stages of learning the ins and outs of security. The one thing I have found for sure is that there is no "best". No "safest". There is no magic bullet. The only way to figure out which will work best for you is to try them all. While that does leave certain products out, there are many that offer trial downloads and, of course, there are always the free, open source products.

What do I use? I use a variety of open source pieces. Why? It's free, it's malleable and learning how to manipulate Snort and a few other gems is teaching me more about intrusion detection and Linux. Are there others that would be easier? Sure. Would they be as accurate? Some would, some wouldn't. Would my company be willing to fork over the big bucks when this one is free? Maybe if I begged. But I'm comfortable with my setup. That's what you have to find. The package that you are comfortable with.
