General discussion

Locked

Intrusion detection

By allen ·
I am trying to install IDS in a web server. I have used snort in the past, but snort does not function well on a single machine level and sends all kind of alerts. Can anyone recommend in ISD system that is functional and reasonably priced? Thank you

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Intrusion detection

by d.walker5 In reply to Intrusion detection

Try Blackice PC Proctection Firewall, it's inexpensive and works reasonability well. All IDS, at least all I've seem alarm frequently. You need to spend a great deal of time and effect learning there ins-and-outs before they can be relied on. You might thing of using a hardware firewall like SonicWall SHHO3. I think you'll be happier with the SonicWall than with a personal firewall with IDS.

Collapse -

Intrusion detection

by allen In reply to Intrusion detection

Poster rated this answer

Collapse -

Intrusion detection

by l0stbyte In reply to Intrusion detection

snort is typicly used for NIDS (network IDS). In addition, snort and alike are signature based, and therefore not too effective. New attacks will not be detected, unless signatures are created. If you need some kind for host based IDS, check out integrit or tripwire for Unix. For NT, you can use InstallWatch. These are not true host intrusion detection systems, but they will alarm you if files were changed or added.

http://www.tripwire.org
http://integrit.sourceforge.net
http://www.epsilonsquared.com/installwatch.htm

l0stbyte

Collapse -

Intrusion detection

by allen In reply to Intrusion detection

Poster rated this answer

Collapse -

Intrusion detection

by Dirkdj In reply to Intrusion detection

you may find the answer on www.symantec.com where there are specific products for this kind of troubles. Just to mention: NAV2003 which will give effective protection as far as I am using it.
They have also Firewall protection products and I find the prices reasonable compared to what is available on the market.
I hope it helps you to find the right solution.

Collapse -

Intrusion detection

by allen In reply to Intrusion detection

Poster rated this answer

Collapse -

Intrusion detection

by Darthkim In reply to Intrusion detection

There are multiple solutions to secure your web server. For host based IDS, symantec has a product called Intruder Alert. They also has a plugin for IIS to protect specific web services and files. In addition to that, You should probably get an IIS proxy such as SecureIIS (by eeye) which sits on IIS and secures the application.

If you are purely looking for IDS, a combination of both a network and host based ids will be your solution.

Collapse -

Intrusion detection

by allen In reply to Intrusion detection

Poster rated this answer

Collapse -

Intrusion detection

by allen In reply to Intrusion detection

This question was closed by the author

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums