
	Home > Ask the Security Experts > Questions & Answers > An IDS with a user-friendly interface

Ask The Security Expert: Questions & Answers

EMAIL THIS

An IDS with a user-friendly interface

EXPERT RESPONSE FROM: Ed Yakabovicz

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 20 June 2002
I analyzed my network architecture and decided to have two IDSes, i.e. one behind the firewall and one behind a router. We can implement Snort in our network and play with it. But I have to implement the same IDS on our client's network, which is a similar architecture to our's. But, we can't implement Snort on their end, because they want to have to a beautiful graphical interface. They want it to alarm them, show them nice graphical logs of intruders and stuff like that. I was going through reports at www.nss.co.uk. They have high rating for Cisco IDS and NFR. But, I read about an attack that was missed by Cisco IDS. So I think I shouldn't recommend Cisco IDS. Since it's very expensive and we aren't getting all the stuff, then what's the use. What do you suggest then? What is second best after Snort? There are some problems with NFR too. What do you say about this scenario?

First, the IDS should be designed with the network infrastructure in mind, the business requirements and the budget. IDSs should not be installed simply because someone saw an advertisement in a magazine or book. Instead, the IDS should meet the company needs.

Your placement sounds correct, but since I have not seen the architecture, I cannot recommend yes or no. Your placement is typical in the industry.

As for Snort, it is an excellent product and will do the job. If your client doesn't like opensource/freeware the loss is theirs. I prefer (in this order) Dragon, Snort, ISS and NFR, but that's not the concrete rule. As I said, the choice must fit the company. Cisco Netranger (or whatever they are calling it) is limited, and I do not recommend it's use unless you supplement it with another IDS. Dragon will provide excellent reports, but you need to know Unix Apache and some database (not a problem, right!).

Remember, NFR is releasing the next generate of products that will ease the use, so you may want to reconsider them. If you are working for a client, then I assume you will have little choice. I recommend you fit their business requirements to the best of your ability.

Hope that answers some of your questions.

For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: Intrusion-detection systems
Webcast Archive: Intrusion-detection systems with Ed Yakabovicz
David Strom's Security Tool Shed: Hacker tool helps identify network weaknesses

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy