General discussion


Intrusion Detection Protection Systems for Small Businesses

By dave ·
I'm trying to evaluate IDS/IPS systems for a small business that has a DMZ and internal requirement. Our present firewall works, but isn't up to the Payment Card Industry requirements. I've been reviewing the Symantec SGS 360R server and it seems to be a capable device; however, I can't tell if it has DMZ capabilities. Has anyone used it in that type of capacity?


by akalinowski In reply to Intrusion Detection Prote ...

My sysadmin is evaluating an OSS product that runs on Linux; he claims "it's the shiznight". I'll ask him what the name is and post links if I can get 'em.

by akalinowski In reply to Intrusion Detection Prote ...

http://www.snort.org/

All $$$ solutions are based off Snort, according to my jr sysadmin... He is building one for our corp office next week.


Yup

by jmgarvin In reply to http://www.snort.org/

Snort is the real deal. You should also probably get ACID for Snort. Tripwire is also a great tool...


by akalinowski In reply to Yup

How'd you have yours rigged?
What are best practices in your opinion? (If you don't mind me bugging you about it.)

Like I said before, we would like to deploy Snort pretty soon.


Big questions

by jmgarvin In reply to

Let me see if I can give you a summary answer.

We use Webmin to make setup and changes easy from any place, any time. We can also monitor some stuff via Webmin.

We use ACID to make sure we can have some real-time log parsing going on in wetware, plus it is a handy tool to have for post-intrusion.

We set up our ruleset to match the Snort Sourcefire VRT, plus we added a bit to make sure we were catching some other stuff.

To deploy:
Your best bet is to start with a network diagram of the systems your IDS is protecting. You move on to how this will affect the systems and performance. Also make sure to take into account network overhead (if needed). Now you install Snort on your machine (after having run it on your testbed to make sure your rules work!). Deploy the machine and tweak as needed.

I will promise you that you will need to tweak your IDS for a few weeks until you get it just how you want it. Once you get it set make sure you copy the rules and keep 'em safe ;-)


by akalinowski In reply to Big questions

thanks for the advice :)


believe it or not ISA Server is really pretty good

by CG IT In reply to Intrusion Detection Prote ...

ISA Server 2004 is really a pretty good firewall proxy device and software. The really good thing about it is that no public traffic actually gets inside to the private network. ISA retrieves the requested information from the private network on behalf of the external request.


by akalinowski In reply to believe it or not ISA Ser ...

ISA's awesome, I use it, but it's not perfect; that's why you need IDS, "Intrusion Detection". So ISA fails, your firewall fails, someone is jacking w/ your system, or someone has a virus on their system, or someone plugs in an unauthorized device/computer: ISA doesn't help there.


IPS is not economically feasible for small business

by Praetorpal In reply to Intrusion Detection Prote ...

as a rule. You will have to budget operating income to wade through reams of false positives. Your best bet is upgrading your firewall to meet your requirements, or IQS, if you are running Linux servers.


Try this source

by praetorpal In reply to IPS is not economically f ...

The evolution of IDS

http://www.networkworld.com/research/2004/110804ids.html

To search IQS, search on the TR site.
