Ideally, we want both network-based and host-based IDS that we can feed
into our logging system that is also open source. We have a primarily
Fedora-based network. The intent is to pass FISMA. So we have budget for
commercial options as well. I have heard good things about Snort. We are
not that high performance, however. Thanks for the recs. I'll look into
them.



On Fri, Feb 28, 2014 at 10:28 PM, Matt Disney <mdis...@gmail.com> wrote:

> There are a variety of factors here. I assume you mean a network-based
> IDS, rather than host-based, and that you want to do packet inspection.
>
> Snort, suricata, and bro are popular open source options. I recommend
> subscribing to some kind of threat feed to get new IDS rules from a vendor
> or community. I'm not sure what's available for suricata or bro but for
> Snort you could get the emergingthreats feed or pay for the VRT from
> Sourcefire/Cisco (the corporate ummm sponsor of Snort).
>
> If you want high performance, say 10Gb, then your needs are sorta special.
>
> I've liked the scenario of deploying both snort with a threat feed and bro
> as complementary. I haven't played with suricata.
>
> Is this the kind of thing you have in mind? If you have a big budget there
> are also commercial options we could discuss.
>
> Matt
>
>
>
> On Fri, Feb 28, 2014 at 11:25 AM, Ali Sajid Imami <
> ali.sajid.im...@gmail.com> wrote:
>
>> At work, we have been tasked with setting us up for various security
>> certifications. One step is putting a good IDS in place. I was wondering if
>> people here had any good recommendations?
>>
>> _______________________________________________
>> Tech mailing list
>> Tech@lists.lopsa.org
>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
>> This list provided by the League of Professional System Administrators
>>  http://lopsa.org/
>>
>>
>