Intrussion detection

0 pts.
Tags:
Cabling
Firewalls
Forensics
Hubs
Incident response
Intrusion management
Network monitoring
Routers
Security
Switches
VPN
Wireless
Does any one know of any goof Intrussion detection system boxes which are not crazy expensive and support up to 1GB lines.
ASKED: June 1, 2007  12:10 PM
UPDATED: February 4, 2009  9:58 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

McAfee Intrushield. It depends on what you think is “Crazy Expensive”.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Astronomer
    You should probably check out this link on how to do it with snort. http://www.ics.forth.gr/carv/np/splitter_tr323.pdf There are commercial solutions, but the price is high. Here is an example: http://www.lightreading.com/document.asp?doc_id=92639&print=true This link also looks interesting: http://www.bro-ids.org/ Since this is from lawrence berkeley lab, the government has already paid for development. It seems if you are running a fast system without a GUI, and you aren't trying to do too much, you can get away with Gbit speeds. rt
    15 pointsBadges:
    report
  • Bobkberg
    I'm in agreement with astronomer (As I often am). Start with Snort, and learn from it. There are many free guides to learning snort, and SourceFire also offers classes (I've taken them) on using it. I've also worked on some of the expensive commercial solutions (ISS and Eeye come to mind) where upper management loved it, but we never got it to work successfully. All of them have a learning curve to climb, but I'd consider Snort's to be overall shorter - and there are white papers (and pay-for books) all over which will help guide you. Bob
    1,070 pointsBadges:
    report
  • Sonyfreek
    I also agree that you want to start with Snort. I'm using the Sourcefire 3D products after using Snort for years. I like Sourcefire because they are based on Snort and because of Marty Roesch's attitude of supporting Open Source software. ISS, from my experience, was terrible, but I also admit that I wasn't trained on them. I used someone else's training books and still wasn't satisfied with them because the database filled up rather quickly (2 months) using MSDE (2Gb). SF
    0 pointsBadges:
    report
  • Astronomer
    I was trained by ISS and we still had problems with it. This was 8 years ago but we drowned in false positives. rt
    15 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following