Slashdot Mirror


Rate the Intrusion Detection Systems?

Swannie asks: "The company I'm working for is looking into Intrusion Detection Systems. I was curious about how good/bad/ugly/cute/cuddly LIDS (Linux Intrusion Detection System) is when compared to other, commercial, systems like Cisco's NetRanger, etc. I'd be interested in information from my fellow geeks that have deployed LIDS in real-world situations, as well as anyone that has switched to LIDS from a commercial solution, or vice versa. Hopefully if I have some ammunition to go to the powers that be, I'll be able to utilize an open-source (and less expensive) Linux solution instead of a more expensive commercial one." Are there any other options out there which can be added to this comparison? In an odd bit of synchronicity, this article popped up before press time, which offers up another possible answer, in the form of Snort.

1 of 14 comments

  1. IDS != firewall; it's like raising a child by Helevius · Score: 0, Troll
    Although any incremental improvement in security is beneficial, true network security monitoring requires a real commitment of trained manpower, customized applications, and rational processes. Unless you're willing to devote all of your time, and the time of a motivated and quick-learning staff, don't bother with IDS. Network security monitoring is much more involved than firewall deployment or router ACL configuration, for example.

    If you've only got the time, energy, inclination, or budget to do the job halfway, you'll get more productive results monitoring your firewall, router, and application logs.

    If you really feel you want network security monitoring, but can't commit to it, I recommend a competent managed security services provider. Unfortunately, I'm not comfortable with any of the offerings besides that of my employer. Sure, it sounds like a shameless plug, but if other MSSPs care to explain how they do business, I'll have good words for them. Until then, I know my shop does good network security monitoring work. Of the few competitors whose operations I understand, none inspire confidence.

    If you think I only rip on other MSSPs, I can heartily recommend Digital Defense for doing top-notch vulnerability assessments (but that's not IDS, unfortunately).

    Helevius