IDS - Snort for commercial purposes?

isasir

Diamond Member
I work for a small company (~30 employees) which currently does not have IDS set up. I plan on looking into IDS to get something up and running, and of course the product I hear the most about is Snort.

Is Snort good for organizations? There is no real IT budget here, so the IDS product I look into would have to be cheap/free, but of course work fairly well.
 
Yeah, it's used in a lot of organizations even enterprises. It takes a lot of work (IDS in general), and you have to have people looking at it constantly or it isn't worth it.

I highly recommend it, unless you're expecting to use it on Windows. Then the magic 8-ball points to: DON'T DO IT! Or something like that.
 
Originally posted by: n0cmonkey
Yeah, it's used in a lot of organizations even enterprises. It takes a lot of work (IDS in general), and you have to have people looking at it constantly or it isn't worth it.

I highly recommend it, unless you're expecting to use it on Windows. Then the magic 8-ball points to: DON'T DO IT! Or something like that.


Hypothetically, if I were looking for Windows, is there an alternate program you'd recommend? 😉

(at this point I'm still gathering information, but my strengths lie in Windows platforms, with minimal non-Windows experience)
 
Originally posted by: isasir
Originally posted by: n0cmonkey
Yeah, it's used in a lot of organizations even enterprises. It takes a lot of work (IDS in general), and you have to have people looking at it constantly or it isn't worth it.

I highly recommend it, unless you're expecting to use it on Windows. Then the magic 8-ball points to: DON'T DO IT! Or something like that.


Hypothetically, if I were looking for Windows, is there an alternate program you'd recommend? 😉

Not quite so free. 😉 Issues with the Windows version of Snort pop up every so often on the snort-users mailing list. I've seen it recommended not to use that version. IDS (as well as firewalls) are not a place for Windows.

(at this point I'm still gathering information, but my strengths lie in Windows platforms, with minimal non-Windows experience)

This can only hurt you when monitoring an IDS. Unless of course the entire network is made up of Windows machines. Even then, I wake up at night in a cold sweat after nightmares of management mandating a switch to Windows IDSes everywhere...
 
Snort is as good as it is going to get unless you're going to put some money out and get a TippingPoint or something of the likes.
 
You may also want to take a peek at Microsoft's ISA Server 2004. Besides being a first-class application-level firewall, it does have some IDS features. It can also easily control and monitor user Internet access, create VPN links, and has good reporting and monitoring features. A real reason to use it would be that much of the setup is Wizard-based. If you don't have full-time IT people, you may find it easier to work with than Linux solutions.

http://microsoft.com/isa
 
Originally posted by: Nothinman
If you don't have full-time IT people, you may find it easier to work with than Linux solutions.
Yes, but it also costs $2.5K just for the software.
Well, it's $1500. (Or, it's free with SBS 2003 Premium Edition @$1000 from Newegg.) Regardless, if it takes somebody a week to implement IDS, you've spent $2.5K. You can do it with ISA 2004 in a day. So, the cost depends on what your employee's time is worth, too. And, of course, everyone needs to consider ongoing support costs, which can make the initial software and installation costs look trivial. Anyone making software choices needs to look at the long-term costs and effectiveness and decide from there.
 
Originally posted by: RebateMonger
Originally posted by: Nothinman
If you don't have full-time IT people, you may find it easier to work with than Linux solutions.
Yes, but it also costs $2.5K just for the software.
Well, it's $1500. (Or, it's free with SBS 2003 Premium Edition @$1000 from Newegg.) Regardless, if it takes somebody a week to implement IDS, you've spent $2.5K. You can do it with ISA 2004 in a day. So, the cost depends on what your employee's time is worth, too. And, of course, everyone needs to consider ongoing support costs, which can make the initial software and installation costs look trivial. Anyone making software choices needs to look at the long-term costs and effectiveness and decide from there.

It still needs to be monitored regularly (24/7/365 for IDS) and updated when necessary (unless it doesn't use signatures, in which case I'm not sure how much I'd trust it as my only IDS).
 
While Linux-based systems are often better, management and security systems are worthless if no staff knows how to use them.

In the real world people slap management/security products out there trying to have best of breed.

Then they wind up not using them. It's why a lot of companies outsource this stuff.
 
Well, it's $1500.

Plus another grand for Windows 2003.

Regardless, if it takes somebody a week to implement IDS, you've spent $2.5K. You can do it with ISA 2004 in a day. So, the cost depends on what your employee's time is worth, too. And, of course, everyone needs to consider ongoing support costs, which can make the initial software and installation costs look trivial. Anyone making software choices needs to look at the long-term costs and effectiveness and decide from there.

But after that day of setting up ISA how much do you really know about it? Sure it's there and running, but who's going to make sure it's functioning properly and tune out the false positives? An IDS is worthless if you don't know how to run it or how to determine what's a valid threat. Spending an extra week or so learning how to set up and configure Snort would be much more worthwhile if you actually learn how the software works. MS software usually has a lower upfront cost, you pay MS your $2.5K, walk through your wizards and in a day or so you're done. But the long-term maintenance usually sucks and ends up eating up a lot of time and then in another year or so you have to fork over some more money for the next revision of the software.
 
Originally posted by: spidey07
While Linux-based systems are often better, management and security systems are worthless if no staff knows how to use them.

In the real world people slap management/security products out there trying to have best of breed.

Then they wind up not using them. It's why a lot of companies outsource this stuff.

That's true for any security product, especially IDS. If someone knowledgeable is not watching the logs, it's useless. I haven't played with an IDS that just anyone can monitor without understanding what they are monitoring and be useful.
 
Originally posted by: n0cmonkey
I haven't played with an IDS that just anyone can monitor without understanding what they are monitoring and be useful.
Which is why an IDS system for a 30-person company may not be practical, even if it's freeware.
 