Hi Jenn

You mention having an IDS on your DMZ and perimeter, it may be worth having one on the inside also depending on your budget and network topology.

As to selection, take your time and evaluate the contenders fully before you make a final decision. Most of them have some really good features and failings. It would take a far better man than I to suggest a particular IDS that would suit your network based on what you have said. Snort is mentioned and it is a phenomenal beastie but no IDS is really free, they take a great deal of TLC in the form of tuning and management.

I built my website when I was in exactly the same boat as you, it started as just a list of every IDS available, I then reduced the list to around 4 that suited my network, then tested them extensively. They do vary greatly, but it's great fun playing with them and understanding what you want from an IDS. My pet hate at the moment is how they report events and whether there is sufficient information for an analyst to understand what they are dealing with.

http://www.networkintrusion.co.uk/N_ids.htm

On my website I have a few salient details with links to the sites on:

BlackIce Guard (ISS)
BlackIce Sentry (ISS)
BorderGuard
CaptIO
Cisco Secure IDS
CyberTrace
Defense Worx IDS
Dragon
E-Trust IDS
Hogwash
IntruShield
Manhunt
Netprowler
Network Flight Recorder
Netranger
NID/JID
nPatrol
OneSecure IDP
Sourcefire
RealSecure Network Sensor
RealSecure Guard
RealSecure Sentry
SecureNet Pro
Sessionwall3
SHADOW
Shoki
Sentrus
Snort
StealthWatch
Tamandua

Hope this helps

take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk

----- Original Message -----
From: "Jennifer Fountain" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 24, 2003 7:44 PM
Subject: Need recommendations about IDS Systems

I have been looking at a couple IDS systems and reading reviews. My head hurts :) Any recommendations? I want something to sit inside my network, in the DMZ and outside. I want it to also email me and send information to my syslog server. OS doesn't matter. I can do nt or linux. thanks!

Thank you
Jenn Fountain
