I implemented just 1 network sensor for ISS Real Secure at a major
pediatric facility due to budgetary constraints. While it can be done I would
not recommend it especially if you have a large complex network. At the very
least you should deploy some HIDS with it for some added protection. I was
required to deploy a Snort server on the research side of the network because
it was "free". We implemented a centralized log server and parsed the logs
since we were using a combination of products.
We then had the alerts sent out to a Blackberry unit that was carried by the
on-call person.
D.DiGennaro
--------------------------------------------------------------------------------------------------------------------
IMPORTANT NOTICE. The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain confidential or privileged information. If you are
not the intended recipient, or the employee or agent responsible for delivering
this message to the intended recipient, you are hereby notified that you
received this communication in error. Any review, dissemination, distribution
or copying of this communication is strictly prohibited. If you receive this
communication in error please send a return e-mail, and then delete this
message, together with any attachments. Thank you.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
