plan of defense

Discussion in 'Computer Security' started by Dan, Dec 29, 2003.

  1. Dan

    Dan Guest

    For $20,000 I can get two commercial-grade network sensors and for another
    $20,000 I can get a commercial grade vulnerability scanner. If I only have
    $20,000 in the budget this year, would it be safer or "more secure" to use a
    non-commercial grade vulnerability scanner like Nessus instead of the
    commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
    Would it be safer to use a non-commercial grade network sensor like SNORT
    and keep the commercial-grade vulnerability scanners?

    Thanks,
    Dan
     
    Dan, Dec 29, 2003
    #1

  2. Dan

    Mimic Guest

    "Dan" <> wrote in message
    news:...
    > For $20,000 I can get two commercial-grade network sensors and for another
    > $20,000 I can get a commercial grade vulnerability scanner. If I only have
    > $20,000 in the budget this year, would it be safer or "more secure" to use a
    > non-commercial grade vulnerability scanner like Nessus instead of the
    > commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
    > Would it be safer to use a non-commercial grade network sensor like SNORT
    > and keep the commercial-grade vulnerability scanners?
    >
    > Thanks,
    > Dan


    You're gonna pay 20K for a vulnerability scanner? Are you insane?

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that don't."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Dec 29, 2003
    #2

  3. In article <>, bitsandbytes88@hotmail.com says...
    > For $20,000 I can get two commercial-grade network sensors and for another
    > $20,000 I can get a commercial grade vulnerability scanner. If I only have
    > $20,000 in the budget this year, would it be safer or "more secure" to use a
    > non-commercial grade vulnerability scanner like Nessus instead of the
    > commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
    > Would it be safer to use a non-commercial grade network sensor like SNORT
    > and keep the commercial-grade vulnerability scanners?
    >


    Both snort and nessus are commercial grade and even better than most
    "commercial grade" packages. The only thing you don't get is the
    ability to dial a phone number for support; instead you have to hit the
    Net for answers. I'd recommend using both snort and nessus and spending
    that 20k elsewhere.

    /steve
    --
    Protect yourself on-line. Hide your identifying details in e-mail,
    usenet, and more. A privacy service like no other.
    No one gives you more control over your e-mail than we do!
    http://www.cotse.net/servicedetails.html
     
    Stephen K. Gielda, Dec 29, 2003
    #3
  4. Dan

    sponge Guest

    On Mon, 29 Dec 2003 09:46:59 -0500, "Dan" <>
    wrote:

    >For $20,000 I can get two commercial-grade network sensors and for another
    >$20,000 I can get a commercial grade vulnerability scanner. If I only have
    >$20,000 in the budget this year, would it be safer or "more secure" to use a
    >non-commercial grade vulnerability scanner like Nessus instead of the
    >commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
    >Would it be safer to use a non-commercial grade network sensor like SNORT
    >and keep the commercial-grade vulnerability scanners?
    >
    >Thanks,
    >Dan


    IMO, you are very well off with the free stuff, particularly if you
    run a Windows network. Nessus and nmap will provide you a great amount
    of vulnerability identification, and you can get some vulnerability
    assessments for various platforms from SecuritySpace. I can't say the
    free stuff is "better" since you did not specify what tools you are
    considering. Odds are good that some of the commercial tools do a
    couple of things the free ones don't, but the reverse may also be
    true. Find out what the commercial tools will do and test them
    yourself. If you can't get a product demo before laying out $20,000,
    go elsewhere.

    As far as IDS, pretty much the same applies. I've found most
    commercial IDS' to be rather lacking in terms of signatures and
    rulesets -- you need the ability to add custom signatures, not just
    vendor-supplied ones. That is all-important. You can still crunch time
    and attack statistics in a database so long as you have Snort logging
    to MySQL. Some commercial IDS' are good for little more than letting
    you know if you are being port-scanned. If you're looking for an IPS
    solution rather than or along with a NIDS, you can even get a free IPS
    to protect any platform: snort_inline, which will work with Snort
    rules. Since you can add custom rules as you learn about new problems,
    you can stay on top of the bad stuff. IPS is the one area where a
    commercial product MAY have an appreciable edge -- for example, if it
    can detect buffer overflow attempts or repeated login attempts, that's
    very desirable. Otherwise, even a commercial NIPS or HIPS may not be
    worth the money.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 att yahoo dott com
     
    sponge, Dec 29, 2003
    #4
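
An added example (not part of sponge's post or of Snort itself) of the "crunch time and attack statistics in a database" idea: alerts raised by custom local rules are loaded into a table and summarised with SQL. Assumptions: an in-memory SQLite database stands in for MySQL so the example runs offline, the `alert` table layout is hypothetical and is not Snort's database schema, and the alert lines, rule messages and SIDs are constructed.

```python
import re
import sqlite3

# Constructed alerts in Snort's "fast" alert layout; addresses are documentation ranges.
SAMPLE_ALERTS = """\
12/29-09:46:59.120001  [**] [1:1000001:1] LOCAL SSH repeated login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:4312 -> 10.0.0.5:22
12/29-09:47:03.551200  [**] [1:1000001:1] LOCAL SSH repeated login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:4313 -> 10.0.0.5:22
12/29-09:47:08.004410  [**] [1:1000001:1] LOCAL SSH repeated login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:4314 -> 10.0.0.5:22
12/29-10:02:11.730018  [**] [1:1000001:1] LOCAL SSH repeated login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:50122 -> 10.0.0.5:22
12/29-10:15:40.000321  [**] [1:1000002:1] LOCAL ICMP probe [**] [Priority: 3] {ICMP} 198.51.100.7 -> 10.0.0.5
12/29-10:15:41 truncated line with no rule id
"""

# Classification is optional and ICMP alerts carry no ports, so both are optional here.
FAST_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<hour>\d\d):\d\d:\d\d\.\d+\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

def load_alerts(text):
    """Parse alert lines into the hypothetical `alert` table; return (conn, skipped)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alert (day TEXT, hour INTEGER, sid INTEGER, "
                 "msg TEXT, prio INTEGER, src TEXT, dst TEXT)")
    skipped = 0
    for line in filter(None, map(str.strip, text.splitlines())):
        m = FAST_RE.match(line)
        if not m:
            skipped += 1  # count unparsed lines so gaps in coverage stay visible
            continue
        conn.execute("INSERT INTO alert VALUES (?,?,?,?,?,?,?)",
                     (f"{m['mon']}/{m['day']}", int(m["hour"]), int(m["sid"]),
                      m["msg"], int(m["prio"]), m["src"], m["dst"]))
    return conn, skipped

def top_signatures(conn):
    # Which rules fire most: shows whether a custom signature is useful or just noisy.
    return conn.execute("SELECT sid, msg, COUNT(*) FROM alert GROUP BY sid, msg "
                        "ORDER BY COUNT(*) DESC, sid").fetchall()

def alerts_per_hour(conn):
    return conn.execute("SELECT day, hour, COUNT(*) FROM alert "
                        "GROUP BY day, hour ORDER BY day, hour").fetchall()

def repeat_sources(conn, sid, min_hits):
    # Sources that tripped one rule at least min_hits times, e.g. repeated logins.
    return conn.execute("SELECT src, COUNT(*) FROM alert WHERE sid = ? GROUP BY src "
                        "HAVING COUNT(*) >= ? ORDER BY COUNT(*) DESC", (sid, min_hits)).fetchall()
```
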
  5. Dan

    Mimic Guest

    "Stephen K. Gielda" <> wrote in message
    news:...
    > In article <>, bitsandbytes88@hotmail.com says...
    > > For $20,000 I can get two commercial-grade network sensors and for another
    > > $20,000 I can get a commercial grade vulnerability scanner. If I only have
    > > $20,000 in the budget this year, would it be safer or "more secure" to use a
    > > non-commercial grade vulnerability scanner like Nessus instead of the
    > > commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
    > > Would it be safer to use a non-commercial grade network sensor like SNORT
    > > and keep the commercial-grade vulnerability scanners?
    > >
    >
    > Both snort and nessus are commercial grade and even better than most
    > "commercial grade" packages. The only thing you don't get is the
    > ability to dial a phone number for support, instead you have to hit the
    > Net for answers. I'd recommend using both snort and nessus and spending
    > that 20k elsewhere.
    >
    > /steve
    > --
    > Protect yourself on-line. Hide your identifying details in e-mail,
    > usenet, and more. A privacy service like no other.
    > No one gives you more control over your e-mail than we do!
    > http://www.cotse.net/servicedetails.html


    He should give it to me :p

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that don't."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Dec 31, 2003
    #5
  6. Dan

    joe Guest

    Second what Sponge wrote...plus, Mimic, take the 20k and get yourself some
    quality SysAdmins.....usually the reason I've seen people buy expensive
    junk (like 'security' software) is that they don't want to do the 'work'
    and get to understand and know their own network. One of the few really
    good security 'tools' I've run across that IS worth paying for is
    Solarwinds.....a network admin tool.

    But other than that, proper configs (and do your
    reading.....www.cisecurity.org, www.sans.org, www.blackhat.com...et
    cetera) will get you farther....oh yeah...and Debbie's book (aka the slug
    trail known as 'Tracker') ought to be out soon....read that if you want to
    get confused.

    Cheers, 'Joe'

    sponge wrote:

    > On Mon, 29 Dec 2003 09:46:59 -0500, "Dan" <>
    > wrote:
    >
    > >For $20,000 I can get two commercial-grade network sensors and for another
    > >$20,000 I can get a commercial grade vulnerability scanner. If I only have
    > >$20,000 in the budget this year, would it be safer or "more secure" to use a
    > >non-commercial grade vulnerability scanner like Nessus instead of the
    > >commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
    > >Would it be safer to use a non-commercial grade network sensor like SNORT
    > >and keep the commercial-grade vulnerability scanners?
    > >
    > >Thanks,
    > >Dan
    >
    > IMO, you are very well off with the free stuff, particularly if you
    > run a Windows network. Nessus and nmap will provide you a great amount
    > of vulnerability identification, and you can get some vulnerability
    > assessments for various platforms from SecuritySpace. I can't say the
    > free stuff is "better" since you did not specify what tools you are
    > considering. Odds are good that some of the commercial tools do a
    > couple of things the free ones don't, but the reverse may also be
    > true. Find out what the commercial tools will do and test them
    > yourself. If you can't get a product demo before laying out $20,000,
    > go elsewhere.
    >
    > As far as IDS, pretty much the same applies. I've found most
    > commercial IDS' to be rather lacking in terms of signatures and
    > rulesets -- you need the ability to add custom signatures, not just
    > vendor-supplied ones. That is all-important. You can still crunch time
    > and attack statistics in a database so long as you have Snort logging
    > to MySQL. Some commercial IDS' are good for little more than letting
    > you know if you are being port-scanned. If you're looking for an IPS
    > solution rather than or along with a NIDS, you can even get a free IPS
    > to protect any platform: snort_inline, which will work with Snort
    > rules. Since you can add custom rules as you learn about new problems,
    > you can stay on top of the bad stuff. IPS is the one area where a
    > commercial product MAY have an appreciable edge -- for example, if it
    > can detect buffer overflow attempts or repeated login attempts, that's
    > very desirable. Otherwise, even a commercial NIPS or HIPS may not be
    > worth the money.
    >
    > Sponge
    > Sponge's Secure Solutions
    > www.geocities.com/yosponge
    > My new email: yosponge2 att yahoo dott com
     
    joe, Jan 3, 2004
    #6
