On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:

> Our company plans to install an IDS to protect our resources. I've already read
> about Snort as a NIDS, but that's software based. I'm interested in a
> hardware-based one that will work transparently with our Cisco PIX, with no need to
> make changes in our firewall. What's your suggestion?

Step 1: Learn that there are no *true* hardware-based solutions here. What you're really buying is a box with a CPU, some memory, a network interface or three, and some software. Many "hardware" IDS are in fact just Snort-in-a-box, or optimized-Snort-in-a-box. Others will be some other "software in a box". To understand why, consider why you can't get a high-speed line card from Cisco (which *is* lots of black-magic ASIC hardware) to do any significant filtering at the level at which Snort inspects packets....

Step 2: An IDS doesn't *protect* your resources, any more than a concealed video surveillance camera protects anything. It may tell you who did it, and what they did, *after the fact*, but it won't *protect* you. (At least a *visible* video cam might make the malefactor think twice - but who *ever* has an IDS that's as visible as, say, the video cameras in a bank lobby??) :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
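The reply's two points, that "hardware" filtering stops at the packet header while Snort matches on payload bytes, and that an IDS only observes, can be made concrete with a small comparison. The following is an added example, not code from the original post or from Snort: it implements a header-only first-match ACL of the kind a line card or PIX access-list evaluates, next to a minimal hand-written subset of Snort's rule syntax (only proto, dport, msg, content, offset and depth are honoured). All packets, addresses and rules are constructed for this example.

```python
"""
Added example, not code from the original post or from Snort: it contrasts
a header-only ACL (the 5-tuple match an ASIC line card or a PIX access-list
can do at wire speed) with the payload matching a Snort-style content rule
requires, and shows that the IDS side only observes. Rule syntax here is a
small hand-written subset of Snort's; all packets and rules are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes


@dataclass
class AclEntry:
    action: str            # "permit" or "deny"
    src: str               # CIDR, e.g. "0.0.0.0/0"
    dst: str
    proto: str
    dport: Optional[int]   # None means any port


def acl_decision(acl: List[AclEntry], pkt: Packet) -> str:
    """First-match ACL over header fields only, with an implicit final deny."""
    for e in acl:
        if (e.proto == pkt.proto
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(e.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(e.dst)
                and (e.dport is None or e.dport == pkt.dport)):
            return e.action
    return "deny"


# Subset of Snort's rule header: alert <proto> <src> <sport> -> <dst> <dport> (<options>)
RULE_RE = re.compile(r"^alert (\w+) (\S+) (\S+) -> (\S+) (\S+) \((.*)\)$")


def parse_rule(text: str) -> dict:
    """Parse one rule; only proto, dport, msg, content, offset and depth are honoured."""
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError("unsupported rule syntax: " + text)
    proto, _src, _sport, _dst, dport, opts = m.groups()
    rule = {"proto": proto, "dport": None if dport == "any" else int(dport),
            "msg": "", "content": None, "offset": 0, "depth": None}
    for opt in opts.split(";"):
        key, _, val = opt.strip().partition(":")
        val = val.strip()
        if key == "msg":
            rule["msg"] = val.strip('"')
        elif key == "content":
            rule["content"] = val.strip('"').encode()   # no |hex| escapes here
        elif key == "offset":
            rule["offset"] = int(val)
        elif key == "depth":
            rule["depth"] = int(val)
    return rule


def rule_matches(rule: dict, pkt: Packet) -> bool:
    """Header test first, then the byte search that an ACL cannot express."""
    if rule["proto"] != pkt.proto:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.dport:
        return False
    if rule["content"] is None:
        return True
    start = rule["offset"]
    end = len(pkt.payload) if rule["depth"] is None else start + rule["depth"]
    return rule["content"] in pkt.payload[start:end]


def ids_alerts(rules: List[dict], pkt: Packet) -> List[str]:
    """A passive IDS: returns what it would log, and never alters the ACL verdict."""
    return [r["msg"] for r in rules if rule_matches(r, pkt)]


# Constructed policy: permit anything to the web server on 80, default deny.
ACL = [AclEntry("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80)]

RULES = [parse_rule(
    'alert tcp any any -> 192.0.2.10 80 (msg:"WEB-MISC directory traversal"; '
    'content:"../.."; offset:4; sid:1000001;)')]

# Constructed packets: the first two have identical headers, different payloads.
BENIGN = Packet("198.51.100.7", "192.0.2.10", "tcp", 40001, 80,
                b"GET /index.html HTTP/1.0\r\n\r\n")
ATTACK = Packet("198.51.100.7", "192.0.2.10", "tcp", 40002, 80,
                b"GET /../../../../etc/passwd HTTP/1.0\r\n\r\n")
TELNET = Packet("198.51.100.7", "192.0.2.10", "tcp", 40003, 23, b"\xff\xfb\x01")

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("attack", ATTACK), ("telnet", TELNET)]:
        print(name, acl_decision(ACL, pkt), ids_alerts(RULES, pkt))
```

Run as-is, the ACL permits both web packets because their headers are indistinguishable, and only the content rule separates them; the IDS returns an alert for the traversal attempt but the ACL verdict is unchanged, which is the "camera, not a lock" point of Step 2.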