- plan of defense
- Posted by Dan on December 29th, 2003
For $20,000 I can get two commercial-grade network sensors and for another
$20,000 I can get a commercial grade vulnerability scanner. If I only have
$20,000 in the budget this year, would it be safer or "more secure" to use a
non-commercial grade vulnerability scanner like Nessus instead of the
commercial-grade vulnerability scanner and the commercial-grade IDS? _or_
Would it be safer to use a non-commercial grade network sensor like SNORT
and keep the commercial-grade vulnerability scanners?
Thanks,
Dan
- Posted by Mimic on December 29th, 2003
"Dan" <bitsandbytes88@hotmail.com> wrote in message
news:bZCdnZQ4q6z-o22iRVn-vA@speakeasy.net...
You're gonna pay 20K for a vulnerability scanner? Are you insane?
--
Mimic
"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that don't."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"
- Posted by Stephen K. Gielda on December 29th, 2003
In article <bZCdnZQ4q6z-o22iRVn-vA@speakeasy.net>, bitsandbytes88@hotmail.com says...
Both snort and nessus are commercial grade and even better than most
"commercial grade" packages. The only thing you don't get is the
ability to dial a phone number for support, instead you have to hit the
Net for answers. I'd recommend using both snort and nessus and spending
that 20k elsewhere.
/steve
- Posted by sponge on December 29th, 2003
On Mon, 29 Dec 2003 09:46:59 -0500, "Dan" <bitsandbytes88@hotmail.com>
wrote:
IMO, you are very well off with the free stuff, particularly if you
run a Windows network. Nessus and nmap will provide you a great amount
of vulnerability identification, and you can get some vulnerability
assessments for various platforms from SecuritySpace. I can't say the
free stuff is "better" since you did not specify what tools you are
considering. Odds are good that some of the commercial tools do a
couple of things the free ones don't, but the reverse may also be
true. Find out what the commercial tools will do and test them
yourself. If you can't get a product demo before laying out $20,000,
go elsewhere.
As far as IDS, pretty much the same applies. I've found most
commercial IDS' to be rather lacking in terms of signatures and
rulesets -- you need the ability to add custom signatures, not just
vendor-supplied ones. That is all-important. You can still crunch time
and attack statistics in a database so long as you have Snort logging
to MySQL. Some commercial IDS' are good for little more than letting
you know if you are being port-scanned. If you're looking for an IPS
solution rather than or along with a NIDS, you can even get a free IPS
to protect any platform: snort_inline, which will work with Snort
rules. Since you can add custom rules as you learn about new problems,
you can stay on top of the bad stuff. IPS is the one area where a
commercial product MAY have an appreciable edge -- for example, if it
can detect buffer overflow attempts or repeated login attempts, that's
very desirable. Otherwise, even a commercial NIPS or HIPS may not be
worth the money.
Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com
- Posted by Mimic on December 31st, 2003
"Stephen K. Gielda" <steve@packetderm-no-spam.com> wrote in message
news:MPG.1a5a54cce5c671989e29@news.supernews.com...
He should give it to me :P
--
Mimic
- Posted by joe on January 3rd, 2004
Second what Sponge wrote...plus, Mimic, take the 20k and get yourself some
quality SysAdmins.....usually the reason I've seen people buy expensive
junk (like 'security' software) is that they don't want to do the 'work'
and get to understand and know their own network. One of the few really
good security 'tools' I've run across that IS worth paying for is
Solarwinds.....a network admin tool.
But other than that, proper configs (and do your
reading.....www.cisecurity.org, www.sans.org, www.blackhat.com...et
cetera) will get you farther....oh yeah...and Debbie's book (aka the slug
trail known as 'Tracker') ought to be out soon....read that if you want to
get confused.
Cheers, 'Joe'