plan of defense

 
 
Dan
Guest
Posts: n/a
 
      12-29-2003
For $20,000 I can get two commercial-grade network sensors and for another
$20,000 I can get a commercial grade vulnerability scanner. If I only have
$20,000 in the budget this year, would it be safer or "more secure" to use a
non-commercial grade vulnerability scanner like Nessus instead of the
commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
Would it be safer to use a non-commercial grade network sensor like SNORT
and keep the commercial-grade vulnerability scanners?

Thanks,
Dan


 
 
 
 
 
Mimic
Guest
Posts: n/a
 
      12-29-2003
"Dan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> For $20,000 I can get two commercial-grade network sensors and for another
> $20,000 I can get a commercial grade vulnerability scanner. If I only have
> $20,000 in the budget this year, would it be safer or "more secure" to use a
> non-commercial grade vulnerability scanner like Nessus instead of the
> commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
> Would it be safer to use a non-commercial grade network sensor like SNORT
> and keep the commercial-grade vulnerability scanners?
>
> Thanks,
> Dan


You're gonna pay 20K for a vulnerability scanner? Are you insane?

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that don't."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"



 
 
 
 
 
Stephen K. Gielda
Guest
Posts: n/a
 
      12-29-2003
In article <(E-Mail Removed)>, bitsandbytes88@hotmail.com says...
> For $20,000 I can get two commercial-grade network sensors and for another
> $20,000 I can get a commercial grade vulnerability scanner. If I only have
> $20,000 in the budget this year, would it be safer or "more secure" to use a
> non-commercial grade vulnerability scanner like Nessus instead of the
> commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
> Would it be safer to use a non-commercial grade network sensor like SNORT
> and keep the commercial-grade vulnerability scanners?
>


Both snort and nessus are commercial grade and even better than most
"commercial grade" packages. The only thing you don't get is the
ability to dial a phone number for support, instead you have to hit the
Net for answers. I'd recommend using both snort and nessus and spending
that 20k elsewhere.

/steve
--
Protect yourself on-line. Hide your identifying details in e-mail,
usenet, and more. A privacy service like no other.
No one gives you more control over your e-mail than we do!
http://www.cotse.net/servicedetails.html
 
 
sponge
Guest
Posts: n/a
 
      12-29-2003
On Mon, 29 Dec 2003 09:46:59 -0500, "Dan" <(E-Mail Removed)>
wrote:

>For $20,000 I can get two commercial-grade network sensors and for another
>$20,000 I can get a commercial grade vulnerability scanner. If I only have
>$20,000 in the budget this year, would it be safer or "more secure" to use a
>non-commercial grade vulnerability scanner like Nessus instead of the
>commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
>Would it be safer to use a non-commercial grade network sensor like SNORT
>and keep the commercial-grade vulnerability scanners?
>
>Thanks,
>Dan


IMO, you are very well off with the free stuff, particularly if you
run a Windows network. Nessus and nmap will provide you a great amount
of vulnerability identification, and you can get some vulnerability
assessments for various platforms from SecuritySpace. I can't say the
free stuff is "better" since you did not specify what tools you are
considering. Odds are good that some of the commercial tools do a
couple of things the free ones don't, but the reverse may also be
true. Find out what the commercial tools will do and test them
yourself. If you can't get a product demo before laying out $20,000,
go elsewhere.

As far as IDS, pretty much the same applies. I've found most
commercial IDS' to be rather lacking in terms of signatures and
rulesets -- you need the ability to add custom signatures, not just
vendor-supplied ones. That is all-important. You can still crunch time
and attack statistics in a database so long as you have Snort logging
to MySQL. Some commercial IDS' are good for little more than letting
you know if you are being port-scanned. If you're looking for an IPS
solution rather than or along with a NIDS, you can even get a free IPS
to protect any platform: snort_inline, which will work with Snort
rules. Since you can add custom rules as you learn about new problems,
you can stay on top of the bad stuff. IPS is the one area where a
commercial product MAY have an appreciable edge -- for example, if it
can detect buffer overflow attempts or repeated login attempts, that's
very desirable. Otherwise, even a commercial NIPS or HIPS may not be
worth the money.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com
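
Added example, not part of any post in this thread: one way to crunch the attack statistics and spot the repeated login attempts mentioned in the post above. It reads Snort's "fast" alert text format rather than the MySQL output the post describes; the local SIDs 1000001/1000002, their messages, the sample addresses and the 5-in-60-seconds threshold are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, {proto}, src -> dst.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{\w+\}\s+(?P<src>\S+)\s+->\s+\S+\s*$")

# Constructed sample: documentation addresses, hypothetical local SIDs 1000001/1000002.
_LOGIN = ("12/29-09:46:{:02d}.000000  [**] [1:1000001:1] LOCAL FTP login attempt [**] "
          "[Priority: 2] {{TCP}} {}:40000 -> 198.51.100.5:21")
SAMPLE = "\n".join(
    [_LOGIN.format(s, "192.0.2.10") for s in (1, 9, 17, 25, 33)]
    + [_LOGIN.format(s, "192.0.2.77") for s in (5, 50)]
    + ["12/29-09:47:10.000000  [**] [1:1000002:1] LOCAL ICMP sweep [**] "
       "[Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.5",
       "truncated or unrelated log line"])

def parse_alerts(text, year=2003):
    """Parse fast-format alerts; the format carries no year, so one is supplied."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # not an alert line
        when = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        src = m["src"].rsplit(":", 1)[0]  # drop the port when present (IPv4 assumed)
        alerts.append({"time": when, "sid": int(m["sid"]), "msg": m["msg"], "src": src})
    return alerts

def signature_counts(alerts):
    return Counter((a["sid"], a["msg"]) for a in alerts)  # totals per (sid, message)

def repeated_sources(alerts, sid, count=5, window=60):
    """Sources that fired `sid` at least `count` times within `window` seconds."""
    by_src = defaultdict(list)
    for a in alerts:
        if a["sid"] == sid:
            by_src[a["src"]].append(a["time"])
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        spans = (times[i + count - 1] - times[i] for i in range(len(times) - count + 1))
        if any(span <= timedelta(seconds=window) for span in spans):
            flagged.add(src)
    return flagged

if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE)
    print(signature_counts(parsed).most_common(), repeated_sources(parsed, 1000001))
```
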
 
 
Mimic
Guest
Posts: n/a
 
      12-31-2003
"Stephen K. Gielda" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In article <(E-Mail Removed)>, bitsandbytes88@hotmail.com says...
> > For $20,000 I can get two commercial-grade network sensors and for another
> > $20,000 I can get a commercial grade vulnerability scanner. If I only have
> > $20,000 in the budget this year, would it be safer or "more secure" to use a
> > non-commercial grade vulnerability scanner like Nessus instead of the
> > commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
> > Would it be safer to use a non-commercial grade network sensor like SNORT
> > and keep the commercial-grade vulnerability scanners?
> >

>
> Both snort and nessus are commercial grade and even better than most
> "commercial grade" packages. The only thing you don't get is the
> ability to dial a phone number for support, instead you have to hit the
> Net for answers. I'd recommend using both snort and nessus and spending
> that 20k elsewhere.
>
> /steve
> --
> Protect yourself on-line. Hide your identifying details in e-mail,
> usenet, and more. A privacy service like no other.
> No one gives you more control over your e-mail than we do!
> http://www.cotse.net/servicedetails.html


He should give it to me

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that don't."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"



 
 
joe
Guest
Posts: n/a
 
      01-03-2004
Second what Sponge wrote...plus, Mimic, take the 20k and get yourself some
quality SysAdmins.....usually the reason I've seen people buy expensive
junk (like 'security' software) is that they don't want to do the 'work'
and get to understand and know their own network. One of the few really
good security 'tools' I've run across that IS worth paying for is
Solarwinds.....a network admin tool.

But other than that, proper configs (and do your
reading.....www.cisecurity.org, www.sans.org, www.blackhat.com...et
cetera) will get you farther....oh yeah...and Debbie's book (aka the slug
trail known as 'Tracker') ought to be out soon....read that if you want to
get confused.

Cheers, 'Joe'

sponge wrote:

> On Mon, 29 Dec 2003 09:46:59 -0500, "Dan" <(E-Mail Removed)>
> wrote:
>
> >For $20,000 I can get two commercial-grade network sensors and for another
> >$20,000 I can get a commercial grade vulnerability scanner. If I only have
> >$20,000 in the budget this year, would it be safer or "more secure" to use a
> >non-commercial grade vulnerability scanner like Nessus instead of the
> >commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
> >Would it be safer to use a non-commercial grade network sensor like SNORT
> >and keep the commercial-grade vulnerability scanners?
> >
> >Thanks,
> >Dan

>
> IMO, you are very well off with the free stuff, particularly if you
> run a Windows network. Nessus and nmap will provide you a great amount
> of vulnerability identification, and you can get some vulnerability
> assessments for various platforms from SecuritySpace. I can't say the
> free stuff is "better" since you did not specify what tools you are
> considering. Odds are good that some of the commercial tools do a
> couple of things the free ones don't, but the reverse may also be
> true. Find out what the commercial tools will do and test them
> yourself. If you can't get a product demo before laying out $20,000,
> go elsewhere.
>
> As far as IDS, pretty much the same applies. I've found most
> commercial IDS' to be rather lacking in terms of signatures and
> rulesets -- you need the ability to add custom signatures, not just
> vendor-supplied ones. That is all-important. You can still crunch time
> and attack statistics in a database so long as you have Snort logging
> to MySQL. Some commercial IDS' are good for little more than letting
> you know if you are being port-scanned. If you're looking for an IPS
> solution rather than or along with a NIDS, you can even get a free IPS
> to protect any platform: snort_inline, which will work with Snort
> rules. Since you can add custom rules as you learn about new problems,
> you can stay on top of the bad stuff. IPS is the one area where a
> commercial product MAY have an appreciable edge -- for example, if it
> can detect buffer overflow attempts or repeated login attempts, that's
> very desirable. Otherwise, even a commercial NIPS or HIPS may not be
> worth the money.
>
> Sponge
> Sponge's Secure Solutions
> www.geocities.com/yosponge
> My new email: yosponge2 att yahoo dott com


 