What do you guys use for yoru networks?

[MattWray]

I was thinking of maybe incorporating SpySweeper Enterprise in our network. Curious what everybody else is using, or looking at...


Thanks,

Matt Wray

GFH

http://www.sss-steel.com

 

[MichealC4]

I personally use at work:

Hijackthis
Spybot
McAffee
File system surfing (my favorite )
Registry surfing
Intrusion Prevention System
Intrusion Detection System

The latter two are configured to alert me when say Gator shows up on the network.

I would use Adaware except per the license, I can't use Adaware without paying for it. (read: I work for the education sector that is funded by the state )

----------------------------
"Security is like an onion" - Unknown

 

[MattWray]

I personally use at work:

Hijackthis
Spybot
McAffee
File system surfing (my favorite )
Registry surfing
Intrusion Prevention System
Intrusion Detection System

You install each of these local on all the machines?!
How do you run them? We can pay for our software, so if you have any others that you recommend that are not necessarily free...

Thanks,

Matt Wray

GFH

http://www.sss-steel.com

 

[sleipnir214]

My organization just finished an evaluation of SpySweeper Enterprise. We will be deploying the software.

The feature I thought in the long run would be the most useful is SpySweeper's monitoring of the registry and files.


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[MichealC4]

You install each of these local on all the machines?!
How do you run them? We can pay for our software, so if you have any others that you recommend that are not necessarily free...

Actually I do. I install the software and run it as pc's come in to us as part of the maintanence and cleaning on each pc. Hijackthis usually is removed, but spybot stays. The IDS and IPS are network-based, so we watch those for signs of spyware/malware and react as necessary instead of waiting for a pc to be brought in, or a user calling and complaining. I also go through the file system when spybot and hijackthis can't fix everything and usually I can get things pretty clean from there. Of course I also clean up the registry a little as well. If you are willing to spend the money, I would highly recommend licenses for Adaware. For the IDS, we use Snort with OpenAanval for the frontend and Tippingpoint Technologies' UnityOne systems for our Intrusion Prevention Systems.

----------------------------
"Security is like an onion" - Unknown

 

[danno74]

How difficult is it to setup Snort and implement it? I'm a Linux newbie, so if it's somewhat tricky I might have trouble. Snort has been recommended to us before. We have a Linux box with Nagois on it to monitor the network and servers.

 

[MichealC4]

Getting a little offtopic, but anywho. Snort is not that difficult at all. And most distros of Linux allow you to install binaries for Snort if you don't want to compile the source. (ie, apt-get install Snort for Debian) If you want a frontend such as OpenAanval or ACID, you'll need Snort with MySQL support (which is built-in anyway) and PHP with Apache.

----------------------------
"Security is like an onion" - Unknown

 

[MattWray]

Thanks all. I don't have the option of installing everything locally, we have 7 remote sites now.

I think I am going to move forward with SpySweeper and test it out. It really looks like a great product.

And feel free to continue with discussions...



Thanks,

Matt Wray

GFH

http://www.sss-steel.com