> Could someone just outright come out and tell me what
> the best package for intrusion detection is for a
> windows 2000 box.

As you've surely seen from responses so far, the answer is a simple "no". "Best" is a relative term. What do you consider "best"...reporting features? Detection? Have you considered intrusion protection using mechanisms inherent to Win2K, like ACLs, etc? Have you considered setting auditing and logging?

I've seen several posts recommending snort...but snort runs on 2K, as well (check out the SiliconDefense website for the binaries). There is no reason why you can't use snort on 2K, even to the point of installing it on the box itself w/ a ruleset specifically designed for the box...remove all *nix/Linux-specific rules, and any specific rules for applications you're not using.

So, I'd recommend prevention first, then detection. Detection can be based on the host, the network, or both. How you choose to implement either is based on your available resources...do you have the time and effort to invest in learning something new, or is it a matter of immediacy and you have the funds to pay for a third-party application and a consultant to install it?
