I agree with Ivan Coric, snort is great and ACID too. Demarc gets good press and it deserves it, but you pay for it now. Look at MRTG for router activity, which is worth noting in an IDS system. Tripwire is also worth a note for host-based intrusion detection.

Add arpwatch for MAC addresses being introduced to your network. Put the whole lot on a single Linux machine with a web interface and you have a very nice solution. Google searches will find you everything you need to know on the above.

Hope this helps

Trevor Cushen

-----Original Message-----
From: Ivan Coric [mailto:[EMAIL PROTECTED]]
Sent: 28 January 2003 00:50
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Need recommendations about IDS Systems

Hi Jenn

Take a look at snort, but also consider ACID
http://www.cert.org/kb/acid/

Have multiple snort sensors logging to a mysql DB and use ACID to view it via a web browser. It's great!

cheers

Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: [EMAIL PROTECTED]

>>> "Robert Sieber" <[EMAIL PROTECTED]> 01/28/03 06:44am >>>
I think you should give snort a closer look!

Robert

--
http://board.protecus.de - Firewalls, Security and more ...
www.different-thinking.de - Networks, Protocols, Security, ...

> -----Original Message-----
> From: Jennifer Fountain [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 24, 2003 8:44 PM
> To: [EMAIL PROTECTED]
> Subject: Need recommendations about IDS Systems
>
> I have been looking at a couple IDS systems and reading reviews. My head
> hurts :) Any recommendations? I want something to sit inside my
> network, in the DMZ and outside. I want it to also email me and send
> information to my syslog server. OS doesn't matter. I can do NT or
> Linux.
> thanks!
>
> Thank you
> Jenn Fountain
