In message <[EMAIL PROTECTED]>, Vin McLellan writes:
>In a response to Saso <[EMAIL PROTECTED]>, Carric Dooley <[EMAIL PROTECTED]>
>wrote:
>
>>The main advantages to NFR are it's speed and adaptability. A
>>disadvantage may be it's adaptability. =) You will need someone on staff
>>with some programming skills to build the custom scripts you may want to
>>add to the existing NFR package.
>
> There are people here who can answer this with specific
>recommendations if Saso feels comfortable offering more information about
>his environment, but it is my impression is that the vast majority of NFR
>customers buy through a consultant/reseller who develops, remarkets, and
>applies the appropriate scripts.
What we basically need is an IDS system that has centralised management
station and several remote probes. Each of the probes has to be able to save
data on it's own disks in case the main management station is unreachable,
also each probe has to survive and monitor the network even if the main
station is unreachable for longer than a set amount of time. The IDS has to be
able to scan thru peak traffic which many times reaches 65-70Mbit/s, and has
to monitor fragmented packets and reassable them.
Also, the IDS has to go completely unnoticed, which rules out any active
intrusion prevention and standard protocols to send data from remote probe to
the central station.
>
> In that case, you probably will not need local on-site talent with
>these capabilities. Check with the NFR resellers in your area, or those
>which specialize in your industry or network architecture.
My original e-mail was sent out to see if anyone has some bad experiences with
Cisco's Net Ranger and/or ISS' RealSecure so I could rule them out or at least
make a preference choice between them before I have to test them on my network.
The monitored environment is pretty simple, consisting of mail servers, pop3
server, web servers, news servers and a few other Internet services, peak
traffic as I said can reach up to 65-70 Mbit/s.
Regards,
Saso
--
-- --
Saso Virag | SiOL CERT
Security Admin @ SiOL.net | Phone: +386 61 130 15 15
| Fax: +386 61 139 35 00
-- --
--
-- --
Saso Virag | SiOL CERT
Security Admin @ SiOL.net | Phone: +386 61 130 15 15
| Fax: +386 61 139 35 00
-- --
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
