Jesse <ras1@xxxxxxxxxxxxxxxx> wrote:
> Just curious what you use for this.

Depends on the budget. ;->

I'm partial to Nokia solutions for financial sectors, although I _never_ put all my eggs in one basket.

I typically and _always_ use Snort for the network IDS, including the free update subscription. It can't hurt to have Snort (or even their SourceFire subscription) in addition to non-freedom solutions.

For a freedom host IDS, a combination of Snort IDS and then Portsentry targeting active (or commonly targeted) services.

For layer-7 services, I shove out some serious money when I can (i.e., 5 figures). When I can't, I make sure it's in a DMZ. I'm still looking for a freedom layer-7 scanning service.

It's never a matter of whether you will be hacked, it's a matter of when. Updating only goes so far (although it's clearly the best move). Basic 1, 2 and 3 sigma statistics generally apply here (I apologize for my over-simplistic application of risk analysis -- but I'm an engineer after all ;-).

Updating only gets you to 1 (~67%). I prefer the "defense-in-depth" of adding network and host IDS as well, getting me to 2 (~96%) and letting me know when I've been compromised (like even my wife's home Windows system was c/o some spyware earlier this year).

Ideally, anytime you have any layer-7 application service (or even client -- such as a resident virus scanner that scans specific, incoming/outgoing ports), active scanning is ideal. That's more 3 sigma (>99%), assuming you use network and host IDS too.

-- Bryan "I've definitely done too much [Practices] today" Smith

P.S. For defense, there are MIL-STD and CCEA -- and MAC/RBAC is required by default (and must be explained with exceptions if not). And such networks _never_ go on publicly accessible networks -- although that's still 70% of the battle (although MAC/RBAC addresses it fairly well).

--
Bryan J. Smith
Professional, Technical Annoyance
b.j.smith@xxxxxxxx
http://thebs413.blogspot.com
----------------------------------------------------
*** Speed doesn't kill, difference in speed does ***