[178046] in North American Network Operators' Group
Re: Intrusion Detection recommendations
daemon@ATHENA.MIT.EDU (Mel Beckman)
Fri Feb 13 15:02:20 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: "J. Oquendo" <joquendo@e-fensive.net>
Date: Fri, 13 Feb 2015 20:02:12 +0000
In-Reply-To: <20150213172925.GB240@e-fensive.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
JO,
IDS to meet PCI or HIPAA requirements is "regulatory grade". It meets specific notification and logging requirements. SNORT-based systems fall into this category.
-mel beckman
> On Feb 13, 2015, at 10:00 AM, "J. Oquendo" <joquendo@e-fensive.net> wrote:
>
>> On Fri, 13 Feb 2015, Mel Beckman wrote:
>>
>> Unless you need regulatory-grade IDS, your best bet is a Unified Threat Management (UTM) appliance, essentially any modern enterprise grade firewall such as a Cisco ASA, Fortigate, SonicWall, etc. These all have built-in IDS/IPS options for a fee.
>>
>> -mel
>
> With all due respect, is regulatory-grade IDS the same as
> say "military-grade" encryption?
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
> "Where ignorance is our master, there is no possibility of
> real peace" - Dalai Lama
>
> 0B23 595C F07C 6092 8AEB 074B FC83 7AF5 9D8A 4463
> https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463