Need advice in picking network security solution

[tekgirl23]

Hi All,

I'm not sure if this is the forumn for this question or not but I'll throw it out there. I'm working at a client where the manager wants to implement a IDS(Intrusion Detection System) and network sniffer solution. Basically we want to

1) monitor and block intrusions into our nework from outside
2) track and block internet abuses
3) track and manage network performance (packets, http, etc..)

All of this is to enhance the Cisco firewally we already have in place. Our network is Windows 2003 AD and what we're really starting to do is build an enterprise network that will provide the stability and protection we're looking for in the long run. We have 2 other branch offices that will need to be protected by this solution as well and I'm sure in the future we will be adding other branches to the scheme of things.

Can anyone recommend any good security products that they've worked with that provides these functionalities?

Thanks,

 

[segment]

Sentivist from NFR would do the trick for you. It's pricey though

http://www.nfr.net

I've used it for quite some time. Its sort of a "Snort" on steriods.

perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'

 

[tekgirl23]

Thanks I'll look into that. I also heard that Checkpoint is pretty good. Any thoughts on that?

 

[segment]

I despise Checkpoint... I used to work @ IBM as a security contractor. We ran Rainwall for Firewall management for about 100+ fw's... Make a long story short, we migrated to Juniper Netscreens. Cisco ASA's... Blah. On my lab I have tons of Cisco stuff I break regularly, new Pix' old Pix' even the ASA's. I spoke to someone at Cisco's PSIRT team about packet injection on Pix and their ASA devices... I'm too lazy to document it all...

http://www.infiltrated.net/mydesk/

If you asked me... Perfect IDS/IPS device hardware base is pound for pound the Sentivist. It may be too much for average companies though, another choice would be to build your own *Nix based server and use Snort_Inline with some heavy modifications and scripting of your own.

perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'

 

[Ed2020]

Astaro is one I've heard of recently (they sponser the SecurityNow! podcast, which I am a big fan of and trust implicitly).

It's paid for if used in a corporate environment but you can download a home copy to install on a spare PC for free.

Ed Metcalfe.

Please do not feed the trolls.....

 

[segment]

Astaro is nothing more than Linux. They do nothing that a standard distribution with standard open source programs wouldn't do. NFR Sentivist, Cisco ASA, and others like it, are programmed from the ground up to focus on solely security (intrusion detection/prevention on these examples). With something like Astaro, you introduce the problems inherent in its operating system (Linux) into your appliance. Meaning, more than likely Linux related security issues will apply to Astaro.

For that matter get OpenBSD, use Snort, IPFW, syslog and call it a day.

perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'