
vulnerability Scan and Intrusion Detection project... would like some


mlchris2

Technical User
Mar 18, 2005
512
US
One of the divisions of the company I work for received feedback from an audit, and I now have a project that needs to be implemented by the end of year 2010. I come searching for feedback on what others might be using, which products to shy away from, etc. I appreciate any input you can offer.

I have been instructed to:

1. Obtain a detailed vulnerability scan or penetration test every year that shows the vulnerability points in our external network.

2. Implement an intrusion detection system to protect several servers and databases.

what can you recommend I look at? I've looked at Juniper IDP and SSX products, Qualys and NitroSecurity thus far.

thanks

Mark C.
 
You might want to look at Nessus for vulnerability scanning. It was the tool of choice at multiple places where I have worked.

As far as intrusion detection, start by researching the difference between host based and network based intrusion detection. They are separate functions that ultimately work together to provide a unified solution.

Most of my experience with intrusion detection is on Linux based servers. You didn't specify what OS you are running. On Linux, I use a combination of OSSEC and Snort. A program called Samhain seems to be quite popular.

Network intrusion detection works on the principle of placing an adapter in promiscuous mode where it looks at ALL of the traffic on a network. It then uses packet inspection to watch for and match certain suspicious patterns. The patterns are frequently updated in response to emerging threats. By way of comparison, host based intrusion detection watches for changes on a server that indicate compromise.

As part of a holistic approach you will need to implement procedures and practices to routinely upgrade your detection signatures. You should also get into the habit of monitoring the system logs. In Linux, a program called logwatch is good for this, but you should also manually scan things on a periodic basis.

It also goes without saying that these measures are all secondary to a good practice of hardening the servers themselves: use of good passwords and other proper authentication, control of access lists and user privileges, correctly set up firewalls, etc. Without these, intrusion detection is almost futile.

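The reply above distinguishes network-based detection (inspect every packet on the wire, match it against a signature set) from host-based detection (watch the server itself for changes that indicate compromise). The script below is an added example written for this page, not code from the thread, from Snort or from OSSEC/Samhain. It implements a toy of each side by side: a packet parser that pulls the IPv4/TCP payload out of a raw frame and matches it against Snort-style "content" signatures, and a file-integrity check that hashes watched files and compares them to a stored baseline. The signatures, the packets and the watched file are all constructed inline, so it runs offline; the rule format is this example's own and is not real Snort syntax.

```python
"""Toy network-based and host-based intrusion detection, side by side.

Added example for the thread above; not Snort, OSSEC or Samhain code.
Packets, signatures and files below are constructed for the demo.
"""
import hashlib
import os
import socket
import struct
import tempfile

# ---- network-based: parse packets, match content signatures ----------------

# Constructed signatures (example's own format, loosely modelled on Snort
# "content" rules): alert when the payload to this port contains the bytes.
SIGNATURES = [
    {"sid": 1, "msg": "directory traversal attempt", "dport": 80, "content": b"../../"},
    {"sid": 2, "msg": "SQL injection probe",         "dport": 80, "content": b"' OR 1=1"},
    {"sid": 3, "msg": "cleartext telnet login",      "dport": 23, "content": b"login:"},
]


def parse_ipv4_tcp(frame: bytes):
    """Parse a raw IPv4 packet carrying TCP; return None for anything else."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4              # IP header length in bytes
    if frame[9] != 6 or len(frame) < ihl + 20:  # protocol 6 = TCP
        return None
    src, dst = socket.inet_ntoa(frame[12:16]), socket.inet_ntoa(frame[16:20])
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", frame[ihl:ihl + 14])
    data_off = (off_flags >> 12) * 4         # TCP header length in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": frame[ihl + data_off:]}


def build_packet(src, dst, sport, dport, payload: bytes) -> bytes:
    """Construct a minimal IPv4/TCP packet for testing (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | 0x18, 8192, 0, 0)
    return ip + tcp + payload


def inspect_packet(frame: bytes):
    """Return (sid, msg, src, dst) for every signature the packet matches."""
    pkt = parse_ipv4_tcp(frame)
    if pkt is None:
        return []
    return [(s["sid"], s["msg"], pkt["src"], pkt["dst"]) for s in SIGNATURES
            if pkt["dport"] == s["dport"] and s["content"] in pkt["payload"]]


# ---- host-based: file integrity against a baseline -------------------------

def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(paths):
    """Record the known-good digest of each watched file."""
    return {p: sha256_file(p) for p in paths}


def check_integrity(base):
    """Compare the current files with the baseline; return (path, status) findings."""
    findings = []
    for path, digest in base.items():
        if not os.path.exists(path):
            findings.append((path, "deleted"))
        elif sha256_file(path) != digest:
            findings.append((path, "modified"))
    return findings


def demo():
    """Run both detectors over constructed input; return (net_alerts, host_alerts)."""
    frames = [  # constructed traffic, not a real capture
        build_packet("10.0.0.5", "192.0.2.10", 40000, 80, b"GET /../../etc/passwd HTTP/1.0\r\n"),
        build_packet("10.0.0.6", "192.0.2.10", 40001, 80, b"GET /index.html HTTP/1.0\r\n"),
        build_packet("10.0.0.7", "192.0.2.11", 40002, 23, b"login: "),
    ]
    net_alerts = [hit for f in frames for hit in inspect_packet(f)]
    with tempfile.TemporaryDirectory() as d:   # constructed "watched" file
        passwd = os.path.join(d, "passwd")
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        base = baseline([passwd])
        with open(passwd, "a") as f:           # simulate an attacker adding a root user
            f.write("evil:x:0:0::/:/bin/sh\n")
        host_alerts = check_integrity(base)
    return net_alerts, host_alerts


if __name__ == "__main__":
    for alert in demo()[0] + demo()[1]:
        print("ALERT", alert)
```

The part the example leaves out is the capture itself: a real NIDS opens the interface in promiscuous mode (on Linux, a raw `socket.AF_PACKET` socket, or libpcap as Snort does) and feeds every frame to something like `inspect_packet`, while a HIDS like OSSEC or Samhain runs the baseline comparison on a schedule over a list of system files and ships findings to a central log. Both detectors are only as good as their inputs: the signature list must be refreshed as new attack patterns appear, and the baseline must be re-recorded after every legitimate change, which is exactly the maintenance the reply above warns about.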