PIX and Intrusion Detection Systems

[technical1]

Hi,
I was after some general examples of what people used for Intrusion Detection Systems (IDS). Ive been told you shouldnt solely rely upon the PIX firewall for network security.

You should have some form of IDS running monitoring packets for any hacking attempts which the PIX may not pick up.

So what other forms of security do people use, that are effective.

Regards,
Vinay

 

[tbissett]

If you're up to the challenge of a steep learning curve, Snort is free, and about as good as it gets for signature-based IDS. In my opinion, the jury is still out on heuristic IDS systems and whether they really do trim the false positives (which are the biggest headaches of IDS).

If you have $2000-$3,000, look at Demarc's PureSecure (

http://www.demarc.com).

It's based on Snort, but with a very nice GUI that goes a long way to presenting the data in a readable format.

 

[technical1]

Hi,
Thanks for your response, I have looked at SNORT seems very intense.

But what does everyone else use?
I imagine there are lots of PIX users here, do they have anything else in place apart from the PIX. My point is can you solely rely upon the PIX to filter out the nasties?

Regards,
Vinay

 

[bwilliam13]

Short answer, no.

You also need to rely on host-based IDS...which is what Snort is. A Pix is basically a network-level IDS. Once a hacker is past it, it no longer logs anything. You need separate logging on each host that needs to be protected.

You should be hard on the outside, crunchy on the inside.