Open Source and information security mailing list archives
 
Date: Wed Sep 28 10:31:57 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Suggestion for IDS 

On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:

> Our company plans to install an IDS to protect our resources. I've already
> read about Snort as a NIDS, but that's software-based. I'm interested in a
> hardware-based one that will work transparently with our Cisco PIX, with no
> need to make changes in our firewall. What's your suggestion?

Step 1: Learn that there are no *true* hardware-based solutions here.  What you're
really buying is a box with a CPU, some memory, a network interface or three,
and some software.  Many "hardware" IDS are in fact just Snort-in-a-box, or
optimized-Snort-in-a-box.  Others will be some other "software in a box".

To understand why, consider why you can't get a high-speed line card from Cisco
(which *are* lots of black-magic ASIC hardware) to do any significant filtering
to the level that Snort inspects packets....

Step 2:  An IDS doesn't *protect* your resources, any more than a concealed
video surveillance camera protects anything.  It may tell you who did it, and
what they did, *after the fact*, but it won't *protect* you. (At least a
*visible* video cam might make the malefactor think twice - but who *ever*
has an IDS that's as visible as (say) the video cameras in a bank lobby??) :)