Need advice on network and host based IDS

Discussion in 'other security issues & news' started by ggratto, Feb 28, 2003.

Thread Status:
Not open for further replies.
  1. ggratto

    ggratto Registered Member

    Joined:
    Feb 28, 2003
    Posts:
    3
    Need advice on network and host based IDS solutions.
    Have you used one?
    Pros and cons?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    At work, my company made an investment in RealSecure from ISS. We tried two different pieces, the network based sensors and the server based ones. We had a lot of difficulty getting much out of the network sensors given the complexity of our networks (a large number of switched vlans) and ultimately decided the best way was to put the IDS on every server. (The idea being an attack had to have a target... Monitoring every target gives you a greater chance of catching the intrusion, versus trying to monitor the network wire directly.)

    You didn't say whether you were talking about a home or an enterprise solution, so, I figured I'd give you information from a large scale business network perspective, as it's more interesting than installing an IDS on a small home setup.
     
  3. ggratto

    ggratto Registered Member

    Joined:
    Feb 28, 2003
    Posts:
    3
    I am looking for a enterprise solution
    Currently looking at

    Cisco
    Dragon
    SHS
    symantec

    Thanks for the info.
     
Loading...
Thread Status:
Not open for further replies.