Network Intrusion Detection and Prevention?
c0dyd asks: "Lately, computer attacks have gained much popularity in the news; however, it is not often that we hear of new software, hardware or 'appliances' that combat malicious code attacks and data intrusions. Obviously, the need is present. I've searched thoroughly for network intrusion detection and prevention systems, but the choices and technologies seem somewhat limited or proprietary; Snort appears an obvious open source solution for intrusion detection, but many users may find it lacking in intrusion prevention capabilities. What do you, the experienced network admin, use for detecting intrusions on the network, and how does your network react to those intrusions?"
I have to agree. One of the reasons the Intrusion Detection Systems have taken a backseat to Intrusion Prevention Systems is that the marketing people felt that IPS was more "proactive" than IDS. (I hate that buzzword "proactive")
Some of the services that bill themselves as IPS simply give you a report that lists your vulnerabilities. At least one lets you actively kill TCP connections. ISS RealSecure is an example of this. They went from an IDS to an IPS.
Back to basics: a good firewall is the best start. If your boss doesn't like the Open Source route, try SonicWall or Checkpoint. Not cheap, but worth it.
You can use HP OpenView to watch for unauthorized equipment that connects to your network. There are Open Source solutions too.
The issue is you have to be able to get immediate alerts. Either someone has to be watching a console or getting a page.
Constant maintenance is what's required of all your equipment. Every host needs to be kept up to date with the latest fixes and patches.
I also keep an eye on Slashdot for the latest ideas and products.
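As an added example (not part of c0dyd's question or the reply above), here is a small Python router for Snort's alert_fast log lines that splits alerts into a "page someone now" queue and a console queue, the two reaction paths the reply describes, and collapses repeats so one noisy rule does not page repeatedly. The log lines are constructed, and the priority threshold and five-minute dedup window are assumptions.

```python
import re
from datetime import datetime, timedelta
# One alert per line, as written by Snort's alert_fast output plugin.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_fast_alert(line):
    """Parse one alert_fast line into a dict; None if it is not an alert."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])  # 1 is the most severe in Snort
    return alert

def route_alerts(lines, page_max_priority=1, dedup_window=timedelta(minutes=5)):
    """Split alerts into a 'page' queue (wake someone) and a 'console' queue.
    Repeats of one rule from one source host inside dedup_window are dropped."""
    page, console, dropped = [], [], 0
    last_seen = {}
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is None:
            continue
        # alert_fast timestamps carry no year; strptime fills in 1900, which is
        # fine because only differences between timestamps are used here.
        ts = datetime.strptime(alert["ts"], "%m/%d-%H:%M:%S.%f")
        src_host = alert["src"].rsplit(":", 1)[0]  # drop the port, if any
        key = (alert["gid"], alert["sid"], src_host)
        prev = last_seen.get(key)
        if prev is not None and ts - prev < dedup_window:
            dropped += 1
            continue
        last_seen[key] = ts
        (page if alert["prio"] <= page_max_priority else console).append(alert)
    return page, console, dropped
# Constructed sample log (not real traffic); SIDs 1000001+ are Snort's local-rule range.
SAMPLE_LOG = """\
03/21-14:22:01.100000  [**] [1:1000001:1] CONSTRUCTED shellcode pattern [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:40123 -> 198.51.100.5:445
03/21-14:22:03.500000  [**] [1:1000001:1] CONSTRUCTED shellcode pattern [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:40124 -> 198.51.100.5:445
03/21-14:22:09.000000  [**] [1:1000002:2] CONSTRUCTED SNMP public community [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.20:5000 -> 198.51.100.9:161
03/21-14:30:00.000000  [**] [1:1000003:1] CONSTRUCTED ICMP sweep [**] [Priority: 3] {ICMP} 192.0.2.30 -> 198.51.100.7
this line is not a Snort alert and is skipped
"""
def triage_sample():
    page, console, dropped = route_alerts(SAMPLE_LOG.splitlines())
    return len(page), len(console), dropped  # (1, 2, 1) for SAMPLE_LOG
```

In a real deployment the `page` queue would feed whatever paging or on-call system is in use, while the `console` queue goes to the operator display the reply mentions.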