
Help about understanding the Intrusion Detection systems 2

Status
Not open for further replies.

bhphoto (IS-IT--Management)
Jul 30, 2003
Can anyone please explain to me what Intrusion Detection systems do that a firewall does not do, and the other half that the Antivirus does not do?

And if you can please refer me to a good and effective intrusion detection system?!

Your help is very much appreciated

Thanks-In-Advance
Joel
 
Well, you can find out more about intrusion detection (IDS) here.
It's an open source IDS.

Firewall - stops external packets of network traffic from getting into your system in the first place.

IDS - examines the packets which are allowed past the firewall for suspicious activity.
Here is an example report from Snort.

Anti-virus protects the local machine by examining the content of each executable file to determine if it contains harmful code.

All three are important parts of the overall defence of your system.
 
A new trend, beyond the IDS notion, is IDP (Intrusion Detection and Prevention).

The main idea is that IDSs only report activity, but they cannot stop malicious traffic. IDPs discard malicious traffic before it can impact your security. Of course, configuration tuning is very important to prevent normal traffic from being considered malicious traffic.

As Salem told you, all of these controls are an important part of your multilayer defence system.

bbandolero.
 
Thanks for the response from both of you, and from all of you in the future. We are looking to buy an Intrusion Detection system and therefore I would like to ask for your recommendations:
1. I prefer to have an IDS/P on its own hardware, the reason being that it shouldn't use anyone's memory and resources, and it is much neater when it has got its own hardware to manage it.
2. As bbandolero wrote, I should be looking for an IDP, but as far as I understand an IDP can be very dangerous if not set up correctly because it can block and do things inappropriately.
3. Is there a feature to combine this with a network sniffer to see what physically slows down the network (like LANHound), for instance damaged NIC cards?

If you have any comments, please reply with your recommendations and your personal experiences.

Have a nice Tuesday
and Thanks-a-lot
Joel
 
Intrusion Detection comes in two forms: Host-based and network-based. Each protects against things that the other cannot. While I would not want my server running the NIDS, I do run HIDS (Tripwire) on all of my servers.

All NIDS are network sniffers. But for my money, I'd run Ethereal for sniffing and MRTG for statistical analysis. If I really want graphics on the sniffer, I use Etherape. All open-source software (read "FREE"), and I haven't used anything that I thought was more effective, although some of the Network General stuff has been more user friendly.

Take a look out on Source Forge, before sinking your entire budget into something that may not provide you what you want/need.

Not that I don't use commercial software, I do, but I always use a free version first to figure out what is good and bad about a given class of application before spending money on something that doesn't do what I was expecting.

If you are afraid of Linux, try Knoppix. It will allow you to run Linux on one of your systems without modifying it in any way. It is a bootable CD and has most (all???) of these apps installed.


pansophic
 
I agree that HIDS is an important tool and that you should always test a commercial product before purchasing it. Personally, I believe that there are much better HIDS tools out there than Tripwire. For instance, Pedestal Software INTACT offers real-time monitoring (as opposed to scheduled with Tripwire) and a central configuration architecture (again, something that Tripwire doesn't have). It's also about half the cost of Tripwire.

Food for thought...
 
I second Knoppix, it's a fantastic distro and excellent for system recovery as well as tasting Linux.
 
Thank you all for your help and info. FYI, for now I found a company, "Guardian Digital", referred by some, and they seem to be suitable for my price range and needs. If anyone has got any comments (good or bad) and knows about them, please let me know.

All the best.

Thanks
Joel
 