Intrusion detection

Incident response
Intrusion management
Network monitoring
Does anyone know of any good intrusion detection system boxes which are not crazy expensive and support up to 1GB lines?

Answer Wiki


McAfee IntruShield. It depends on what you think is “Crazy Expensive”.

Discuss This Question: 4  Replies

  • Astronomer
    You should probably check out this link on how to do it with Snort. There are commercial solutions, but the price is high. Here is an example: This link also looks interesting: Since this is from Lawrence Berkeley Lab, the government has already paid for development. It seems if you are running a fast system without a GUI, and you aren't trying to do too much, you can get away with Gbit speeds. rt
    15 points
  • Bobkberg
    I'm in agreement with Astronomer (as I often am). Start with Snort, and learn from it. There are many free guides to learning Snort, and Sourcefire also offers classes (I've taken them) on using it. I've also worked on some of the expensive commercial solutions (ISS and eEye come to mind) where upper management loved it, but we never got it to work successfully. All of them have a learning curve to climb, but I'd consider Snort's to be overall shorter - and there are white papers (and pay-for books) all over which will help guide you. Bob
    1,070 points
  • Sonyfreek
    I also agree that you want to start with Snort. I'm using the Sourcefire 3D products after using Snort for years. I like Sourcefire because they are based on Snort and because of Marty Roesch's attitude of supporting Open Source software. ISS, from my experience, was terrible, but I also admit that I wasn't trained on them. I used someone else's training books and still wasn't satisfied with them because the database filled up rather quickly (2 months) using MSDE (2Gb). SF
    0 points
  • Astronomer
    I was trained by ISS and we still had problems with it. This was 8 years ago but we drowned in false positives. rt
    15 points
