An IDS with a user-friendly interface

An IDS with a user-friendly interface

I analyzed my network architecture and decided to have two IDSes, i.e. one behind the firewall and one behind a router. We can implement Snort in our network and play with it. But I have to implement the same IDS on our client's network, which is a similar architecture to our's. But, we can't implement Snort on their end, because they want to have to a beautiful graphical interface. They want it to alarm them, show them nice graphical logs of intruders and stuff like that. I was going through reports at www.nss.co.uk. They have high rating for Cisco IDS and NFR. But, I read about an attack that was missed by Cisco IDS. So I think I shouldn't recommend Cisco IDS. Since it's very expensive and we aren't getting all the stuff, then what's the use. What do you suggest then? What is second best after Snort? There are some problems with NFR too. What do you say about this scenario?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

First, the IDS should be designed with the network infrastructure in mind, the business requirements and the budget. IDSs should not be installed simply because someone saw an advertisement in a magazine or book. Instead, the IDS should meet the company needs.

Your placement sounds correct, but since I have not seen the architecture, I cannot recommend yes or no. Your placement is typical in the industry.

As for Snort, it is an excellent product and will do the job. If your client doesn't like opensource/freeware the loss is theirs. I prefer (in this order) Dragon, Snort, ISS and NFR, but that's not the concrete rule. As I said, the choice must fit the company. Cisco Netranger (or whatever they are calling it) is limited, and I do not recommend it's use unless you supplement it with another IDS. Dragon will provide excellent reports, but you need to know Unix Apache and some database (not a problem, right!).

Remember, NFR is releasing the next generate of products that will ease the use, so you may want to reconsider them. If you are working for a client, then I assume you will have little choice. I recommend you fit their business requirements to the best of your ability.

Hope that answers some of your questions.

For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: Intrusion-detection systems
Webcast Archive: Intrusion-detection systems with Ed Yakabovicz
David Strom's Security Tool Shed: Hacker tool helps identify network weaknesses

This was first published in June 2002