462 Chapter 7 • Topologies and IDS
tures to match. For example, Guardent is an MSSP that includes comprehensive firewall IDS and IPSes among its various customer services; visit www.guardent.com for a description of the company’s various service programs and offerings.
A huge number of potential vendors can provide IDS and IPS products to companies and organizations. Without specifically endorsing any particular vendor, the following products offer some of the most widely used and best-known solutions in this product space:
■ Cisco Systems is best known for its switches and routers, but offers significant firewall and intrusion detection products as well (www.cisco.com).
■ GFI LANguard is a family of monitoring, scanning, and file integrity check products that offer broad intrusion detection and response capabilities (www.gfi.com/languard/).
■ Internet Security Systems (ISS) offers a family of enterprise-class security products called RealSecure that includes comprehensive intrusion detection and response capabilities (www.iss.net).
■ McAfee offers the IntruShield IPS systems that can handle gigabit speeds and greater (www.mcafee.com).
■ Sourcefire is the best-known vendor of open source IDS software, as they are the developers of Snort, an open source IDS application that can be run on Windows or Linux systems (www.snort.org).
Head of the Class…
Getting Real Experience Using an IDS
One of the best ways to get some experience using IDS tools like TCPDump and Snort is to check out one of the growing number of bootable Linux OSes. Since all of the tools are precompiled and ready to run right off the CD, you only have to boot the computer to the disk. One good example of such a bootable disk is Backtrack. This CD-based Linux OS actually has over 300 security tools that are ready to run. Learn more at www.remote-exploit.org/backtrack.html.
www.syngress.com