IDS Implementation

I have been asked by my company to research different IDS solutions, both out-sourcing the service and doing it in-house. Could anybody with first-hand experience give me some info on how these systems are implemented in the case of out-sourcing and doing it in-house? I am currently looking into Symantec's IDS/IPS service, but it doesn't give much insight into what I would need for software and stuff or how to implement it. I am also looking at IBM's Intrusion Detection Services (also an out-sourced solution). As you can tell, I am not a Network Admin person, just got shoved into this role due to lack of resources. Any help is appreciated, thanks!

rneshko

I have had years of experience with ISS from RealSecure. IMHO it's not manageable - the resources for managing it are too high. ISS is more an IDS than an IPS. I also played around with Snort. Snort gives more flexibility in writing your own rules, but is less manageable than ISS. There are a lot of false positives. It took several weeks to reduce the amount of events to a reasonable number of entries. And I have only 12 C-classes of IP addresses.

I have also heard of McAfee's IPS, but never worked with it. McAfee has its own hardware box and can communicate with Check Point. As I heard, McAfee's IPS should be fine and administrative costs should be small. But somebody else could give his experience with McAfee. My next try would be McAfee.

My experience: all IDS/IPS are still at the beginning, even if they are several years old.

Best regards,
Hans

hans m41
