[178039] in North American Network Operators' Group


Re: Intrusion Detection recommendations

daemon@ATHENA.MIT.EDU (Mel Beckman)
Fri Feb 13 12:45:15 2015

X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Andy Ringsmuth <andy@newslink.com>
Date: Fri, 13 Feb 2015 17:45:10 +0000
In-Reply-To: <EB3171FA-1A68-4564-B655-0BAF9189AB11@newslink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Unless you need regulatory-grade IDS, your best bet is a Unified Threat Management (UTM) appliance, essentially any modern enterprise-grade firewall such as a Cisco ASA, Fortigate, SonicWall, etc. These all have built-in IDS/IPS options for a fee.

 -mel

On Feb 13, 2015, at 9:40 AM, Andy Ringsmuth <andy@newslink.com> wrote:

> NANOG'ers,
>
> I've been tasked by our company president to learn about, investigate and recommend an intrusion detection system for our company.
>
> We're a smaller outfit, less than 100 employees, entirely Apple-based. Macs, iPhones, some Mac Mini servers, etc., and a fiber connection to the world. We are protected by a FreeBSD firewall setup, and we stay current on updates/patches from Apple and FreeBSD, but that's as far as my expertise goes.
>
> Initially, what do people recommend for:
>
> 1. Crash course in intrusion detection as a whole
> 2. Suggestions or recommendations for intrusion detection hardware or software
> 3. Other things I'm likely overlooking
>
> Thank you all in advance for your wisdom.
>
>
> ----
> Andy Ringsmuth
> andy@newslink.com
> News Link – Manager Technology & Facilities
> 2201 Winthrop Rd., Lincoln, NE 68502-4158
> (402) 475-6397    (402) 304-0083 cellular
>

