plan of defense

Discussion in 'Computer Security' started by Dan, Dec 29, 2003.

  1. Dan Guest

    For $20,000 I can get two commercial-grade network sensors and for another
    $20,000 I can get a commercial grade vulnerability scanner. If I only have
    $20,000 in the budget this year, would it be safer or "more secure" to use a
    non-commercial grade vulnerability scanner like Nessus instead of the
    commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
    Would it be safer to use a non-commercial grade network sensor like SNORT
    and keep the commercial-grade vulnerability scanners?

    Thanks,
    Dan
     
    Dan, Dec 29, 2003
    #1

  2. Mimic Guest

    You're gonna pay 20K for a vulnerability scanner? Are you insane?

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that don't."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Dec 29, 2003
    #2

  3. Both snort and nessus are commercial grade and even better than most
    "commercial grade" packages. The only thing you don't get is the
    ability to dial a phone number for support, instead you have to hit the
    Net for answers. I'd recommend using both snort and nessus and spending
    that 20k elsewhere.

    /steve
     
    Stephen K. Gielda, Dec 29, 2003
    #3
  4. sponge Guest

    IMO, you are very well off with the free stuff, particularly if you
    run a Windows network. Nessus and nmap will provide you a great amount
    of vulnerability identification, and you can get some vulnerability
    assessments for various platforms from SecuritySpace. I can't say the
    free stuff is "better" since you did not specify what tools you are
    considering. Odds are good that some of the commercial tools do a
    couple of things the free ones don't, but the reverse may also be
    true. Find out what the commercial tools will do and test them
    yourself. If you can't get a product demo before laying out $20,000,
    go elsewhere.

    As far as IDS, pretty much the same applies. I've found most
    commercial IDS' to be rather lacking in terms of signatures and
    rulesets -- you need the ability to add custom signatures, not just
    vendor-supplied ones. That is all-important. You can still crunch time
    and attack statistics in a database so long as you have Snort logging
    to MySQL. Some commercial IDS' are good for little more than letting
    you know if you are being port-scanned. If you're looking for an IPS
    solution rather than or along with a NIDS, you can even get a free IPS
    to protect any platform: snort_inline, which will work with Snort
    rules. Since you can add custom rules as you learn about new problems,
    you can stay on top of the bad stuff. IPS is the one area where a
    commercial product MAY have an appreciable edge -- for example, if it
    can detect buffer overflow attempts or repeated login attempts, that's
    very desirable. Otherwise, even a commercial NIPS or HIPS may not be
    worth the money.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 att yahoo dott com
     
    sponge, Dec 29, 2003
    #4
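
The time and attack statistics mentioned in post #4, as an added example that is not part of the original thread: it parses Snort fast-format alert lines into a database and queries them by source and by hour. The alert lines are constructed, SQLite stands in for MySQL, and the single-table schema is an assumption rather than Snort's own database schema.

```python
import re
import sqlite3

# Constructed sample alerts in Snort's "fast" alert format (not real traffic).
SAMPLE_ALERTS = """\
12/29-09:14:02.101000  [**] [1:1000001:1] LOCAL custom web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40112 -> 192.0.2.10:80
12/29-09:14:05.220000  [**] [1:1000001:1] LOCAL custom web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40113 -> 192.0.2.10:80
12/29-09:47:31.000500  [**] [1:1000002:1] LOCAL repeated FTP login failure [**] [Classification: Unsuccessful User Privilege Gain] [Priority: 1] {TCP} 198.51.100.23:51500 -> 192.0.2.20:21
12/29-10:02:44.900000  [**] [1:1000001:1] LOCAL custom web probe [**] [Priority: 2] {TCP} 203.0.113.7:40290 -> 192.0.2.10:80
12/29-10:05:00.000000  [**] [1:1000003:2] LOCAL ping sweep [**] [Priority: 3] {ICMP} 198.51.100.23 -> 192.0.2.20
this line is not an alert and must be skipped
"""

# Classification is optional, and ICMP alerts carry no ports.
ALERT_RE = re.compile(
    r"^(?P<day>\d\d/\d\d)-(?P<hour>\d\d):\d\d:\d\d\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: [^\]]*\]\s+)?\[Priority: (?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

def load_alerts(text):
    """Parse fast-format alerts into an in-memory table; return (db, skipped_lines)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert (day TEXT, hour INTEGER, sid INTEGER, "
               "msg TEXT, prio INTEGER, proto TEXT, src TEXT, dst TEXT)")
    skipped = 0
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            skipped += 1  # count unparsed lines so format drift is visible
            continue
        db.execute("INSERT INTO alert VALUES (?,?,?,?,?,?,?,?)",
                   (m["day"], int(m["hour"]), int(m["sid"]), m["msg"],
                    int(m["prio"]), m["proto"], m["src"], m["dst"]))
    return db, skipped

def top_sources(db):
    """Alerts and distinct signatures per source address, noisiest first."""
    return db.execute("SELECT src, COUNT(*) AS n, COUNT(DISTINCT sid) FROM alert "
                      "GROUP BY src ORDER BY n DESC, src").fetchall()

def alerts_per_hour(db):
    """Alert volume per (day, hour) bucket."""
    return db.execute("SELECT day, hour, COUNT(*) FROM alert "
                      "GROUP BY day, hour ORDER BY day, hour").fetchall()

if __name__ == "__main__":
    db, skipped = load_alerts(SAMPLE_ALERTS)
    print(top_sources(db), alerts_per_hour(db), "skipped:", skipped)
```
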
  5. Mimic Guest

    He should give it to me :p

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that don't."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Dec 31, 2003
    #5
  6. joe Guest

    Second what Sponge wrote...plus, Mimic, take the 20k and get yourself some
    quality SysAdmins.....usually the reason I've seen people buy expensive
    junk (like 'security' software) is that they don't want to do the 'work'
    and get to understand and know their own network. One of the few really
    good security 'tools' I've run across that IS worth paying for is
    Solarwinds.....a network admin tool.

    But other than that, proper configs (and do your
    reading.....www.cisecurity.org, www.sans.org, www.blackhat.com...et
    cetera) will get you farther....oh yeah...and Debbie's book (aka the slug
    trail known as 'Tracker') ought to be out soon....read that if you want to
    get confused.

    Cheers, 'Joe'
     
    joe, Jan 3, 2004
    #6