What is best for intrusion detection?

Thread: What is best for intrusion detection?

  1. #1
    Senior Member
    Join Date
    Jun 2002
    Posts
    352

    What is best for intrusion detection?

    What would you guys recommend is best for intrusion detection/blocking?
    Currently I use Symantec Internet security 2002, with the anti-virus package. Could I get something better? And also is there any benefit in using multiple firewalls at the same time?

    Thanks in advance
    "When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist." -- Dom Helder Camara

  2. #2
    Junior Member
    Join Date
    Oct 2001
    Posts
    15
    Cisco PIX firewall security series are hardware firewalls running what are considered hardened IOS. These are hardware and not software firewalls. They have many security features not found in other units. Also I recommend SonicWall, Netscreen. All of them can support from 10 to thousands of computers and have advanced & strong security management tools such as:
    - schedule based rules, DoS protection, VPN server/client, QoS/ToS management, and you are looking at a lot of money here for this kind of hardware. For the average person on one OS software is the best. And since you are using Norton, you could not have picked a better software. Right now Norton ranks number one after being tested against other software firewalls. As long as you continue to get your updates, you should be in tip top shape. BTW, many tests were run on NORTON and it came out smelling like a rose on the leak test and all other tests that they tested NORTON on. Right now the two top ones are NORTON and Zone Alarm, but many are questioning that Zone Alarm is spyware because when it says click here to uninstall.. it doesn't completely. That is another story all its own I won't get into. But stick with what you have. You made a wise choice. (BTW I am here posting as our board is getting worked on and is not up)

    Adore
    HDC

  3. #3
    Junior Member
    Join Date
    Oct 2001
    Posts
    15
    BTW the answer to your second question, I posted it on this other person's thread, you can click here to read it.

    http://www.antionline.com/showthread...hreadid=228993


    Adore

  4. #4
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    HUH?

    Well HDC admin, I hope you're running Norton and ZA 'cause both of them blow chunks. Really good advice, sarge.

    Hey, Mahakaal, a good IDS is snort. If you want a good firewall that has some IDS capabilities (I'm going out on a limb here and assuming you're a Windows user) then might I recommend 3.


    And to answer your last question, NO. It affords you no more protection. If you want more protection than a gateway box running say FreeBSD or OpenBSD w/ iptables/ipchains in between your work box and your inet connection would do well.

    Another quick gateway box that's really easy to use, look here -> www.clarkconnect.org

    sygate www.syagte.com
    tiny www.tinysoftware.com
    outpost www.agnitum.com


    edit -typo
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    I prefer Agnitum Outpost by far to all other software firewalls for WinMachines... It needs a bit more configuration than ZoneAlarm to get working but it is much more configurable... Most firewall companies do not recommend using 2 concurrent firewalls, I have used 2 at the same time without any problem... But I think that with a configurable firewall you don't really need 2. All you have to do is block all ports that you do not use. A list of dangerous ports and their common uses can be found at http://www.iss.net/security_center/a...xploits/Ports/

    I also suggest having an UPDATED antivirus running, that way if a trojan was installed via physical access to your machine, it will be discovered IF you have the Resident scanner running. I also suggest using the updater for the AV you pick, a new trojan could be written anytime and your old definition file would be useless to locate it (unless you have heuristic scan selected and the trojan is not outstandingly different than existing trojans...)

    Have fun!
    [shadow]Scorp666, the Infamous Orgasmatron[/shadow]

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    293
    IDS systems... well mostly easy to bypass but they keep the script kiddies away... I've tried ZoneAlarm but the little popup-boxes really piss me off... it's hard to secure a box if u often install new software/games that need access to the Net... Symantec Internet security 2002 is ok, and it should keep most morons away... (u could of course just install *nix on ur box and use some of the built-in firewall services hehe)
    zion1459
    Visit: http://www.cpc-net.org
    "Software is like sex: it's better when it's free." -Linus Torvalds

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    115
    You could use a honeypot... back on track, use snort, it's one of the best IDS.

  8. #8
    Junior Member
    Join Date
    Jun 2002
    Posts
    5
    KorpDeath,

    If you could provide some evidence as to why Norton and Zone Alarm "blow chunks," I'd appreciate it. If you could direct me to some URLs, thanks.

    BTW, Adore seems to know a lot about network security, far above little software firewalls. Given that she's provided far more evidence to her case than yours, I'd tend to believe her, HDC admin or not.

    N2N

  9. #9
    Junior Member
    Join Date
    Oct 2001
    Posts
    15
    Korp, I do not use Norton or Zone Alarm. I use HARDWARE, not SOFTWARE.




    A.

  10. #10
    Senior Member
    Join Date
    Mar 2002
    Posts
    238
    KorpDeath, your unsupported statement of 'blowing chunks' is really considered invalid for me. In my opinion, adore stated all her opinions firmly, unlike you.
    -{[ Joe ]}- (Joe@nitesecurity.com)
    http://www.nitesecurity.com

    [shadow]I'm Just A Soldier In This War Against Ignorance.[/shadow]
