Intrusion Detection Systems

Network monitoring
We are a medium-sized manufacturing company. We have our main location in the U.S. and another location in Mexico. These are connected by Frame Relay. I am using a Cisco 515 PIX for a firewall. Recently the auditors have told us we need an Intrusion Detection System. I am looking for one that will work with the PIX. Preferably an appliance as opposed to a software solution. I am not familiar with these systems. I am hoping someone can give me some suggestions. Price is an issue. Also ease of setup and management

Answer Wiki


You don’t have very difficult criteria (Price, management, etc.) 😉

For price, you could use Snort. A cheap PC can be set up to run this.

To work with the PIX, you might consider the Cisco device, which also works as an Intrusion Prevention system.

For management, I would suggest an outsourced service model. ISS, CyberTrust, etc. They handle everything except escalations, which really cuts down on false alarms. Another lesser-known service is Alert Logic.

Obviously, you’ll need to make some choices based on which is the most important factor.

Best regards,

Discuss This Question: 2  Replies

  • Astronomer
    What level of intrusion detection do you need? The PIX already has limited intrusion detection capabilities. Check this link: Since you asked for an appliance, this would probably be your easiest choice. They also have other appliances. I have heard good things about Snort, but it is a software solution. In any case, if you want an install-and-forget appliance, you are looking at the wrong technology. Properly configuring and managing a sophisticated IDS is one of the most complex jobs in networking. We had a system installed by ISS in our lab at Intel and we were buried by the false positives to the point it wasn't useful. Before you make your decision, consider carefully how much time and knowledge you are willing to invest in IDS. rt
  • Bobkberg
    For the most part, I'd tend to agree with Telecomking and Astronomer. Depending on what you're looking for, using what's built into the PIX is likely to be the simplest solution. I use Snort, and have adapted some Perl scripts to provide me with a nice HTML-formatted daily report. But even so, tuning took a while to get the volume of reports down to what's manageable. I've worked with ISS and consider it to be over-engineered junk. How they got to be market leader is beyond me. What I've been entranced with lately is the Juniper Networks IDP-1000 system. The GUI is very Checkpoint-like, AND you can define rules to do a packet capture surrounding the event - VERY useful in separating threat from over-eager. When I was working with the ISS, the sales people told me that they essentially didn't allow for packet capture. This was about 2 years ago, so things may have changed. That's my $.02 worth. Bob