
Which IPS?


10 replies to this topic

#1 netwatch

netwatch

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 14 September 2016 - 01:25 AM

Hello everyone

 

We are searching for an IPS (Intrusion Prevention System) which:

  • Runs on Windows Server
  • Is suitable for around 600+ client machines
  • Is manageable by "regular" network administrators (without advanced / deep security knowledge)
  • We would prefer a Network-based System but would also put up with a Host-based one.

Is there a software out there that meets these requirements?

 

P.S.

I hope that's the right sub-forum ;)

 

 

Thanks for your help!




 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  • Gender:Male
  • Location:The Antipodes
  • Local time:11:01 AM

Posted 14 September 2016 - 03:40 AM

It's pretty much impossible to run a reliable IPS without good networking and security knowledge.

 

Perhaps some further study and training is required for particular individuals. Then a period running an IDS to log traffic and better understand what is happening on your network before implementing a full IPS.



#3 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  • Gender:Male
  • Location:QLD Australia
  • Local time:11:01 AM

Posted 14 September 2016 - 07:46 PM

I would say SonicWall, but it's been known for a while that it had back doors for the NSA after it was revealed in the leaks!

So yeah, that along with the Cisco routers LOL.



#4 DungeonMaster

DungeonMaster

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 16 September 2016 - 03:29 PM

Difficult to find something reliable on Windows OS... 

I'd take a look at Snort or Suricata, but you need to go for a Linux box...


Edited by DungeonMaster, 16 September 2016 - 03:31 PM.


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:01 AM

Posted 17 September 2016 - 02:23 PM

Difficult to find something reliable on Windows OS... 

I'd take a look at Snort or Suricata, but you need to go for a Linux box...

 

I run Snort on Windows machines. Runs fine.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 netwatch

netwatch
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 19 September 2016 - 12:17 AM

All right, thanks for your answers. I will take a look at some IDS and maybe further training.



#7 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  • Gender:Male
  • Location:United States, Delaware
  • Local time:09:01 PM

Posted 22 September 2016 - 10:51 AM

Honestly, if you have a smaller team, managing an IPS or IDS can be a bit hard. Not impossible, but hard. I'm on a two man security team and we have about 300 more computers than you do. We get millions of hits on our SIEM per quarter. It really would be very very difficult for me and my boss to manage everything coming into that IDS.

 

So we use a third-party vendor, which you might want to look into using. They would manage the IPS or IDS; that way they filter out the things that aren't necessary for you to look at, and you only get the tickets that should be looked at. It's a much more manageable solution.

I'd say most IPS or IDS systems run off Linux. Windows is usually not conducive to that type of system.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +
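As an added example that is not part of the thread (and not the Snort project's own code), here is a small Python script that does the first step TsVk! and DeimosChaos describe: read Snort's alert_fast output, count which signatures and source hosts dominate, and pull out only the high-priority alerts a small team would actually want a ticket for. The alert lines, SIDs and addresses below are constructed for the example; the parser assumes the Snort 2.x alert_fast layout and IPv4 addresses only.

```python
"""Triage Snort alert_fast output: who is noisy, and what actually needs a ticket.

Added example, not code from the thread or from the Snort project. The SAMPLE_ALERTS
block is constructed; the sid values 1000001-1000003 are placeholders, not real rules.
"""
import re
from collections import Counter

# Snort 2.x alert_fast line layout (assumed): timestamp, [gid:sid:rev] msg [**],
# optional [Classification: ...], [Priority: n], {PROTO}, src[:port] -> dst[:port].
# Ports are absent for ICMP, so both port groups are optional. IPv4 only.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

# Constructed sample input; the last line is deliberately malformed to exercise the
# "unparsed" path, which is what you want counted rather than silently dropped.
SAMPLE_ALERTS = """\
09/22-10:51:02.000123  [**] [1:1000001:1] CONSTRUCTED SMB probe to file server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.10.5.23:51234 -> 10.10.1.5:445
09/22-10:51:02.000456  [**] [1:1000001:1] CONSTRUCTED SMB probe to file server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.10.5.23:51235 -> 10.10.1.6:445
09/22-10:51:03.100000  [**] [1:1000002:2] CONSTRUCTED outbound connection to known-bad host [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 10.10.7.42:49152 -> 203.0.113.9:443
09/22-10:51:04.200000  [**] [1:1000003:1] CONSTRUCTED ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.10.5.23 -> 10.10.1.7
09/22-10:51:05.300000  [**] [1:1000003:1] CONSTRUCTED ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.10.5.23 -> 10.10.1.8
this line is not an alert and should be counted as unparsed
"""


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if it does not match the layout."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    a = m.groupdict()
    a["sid"] = int(a["sid"])
    a["priority"] = int(a.pop("prio"))  # Snort: 1 is the most severe priority
    return a


def summarize(lines, escalate_priority=1):
    """Aggregate alerts by signature and source; collect those at or above escalate_priority."""
    by_sig, by_src, escalate, unparsed = Counter(), Counter(), [], 0
    for line in lines:
        if not line.strip():
            continue
        a = parse_alert(line)
        if a is None:
            unparsed += 1
            continue
        by_sig[(a["sid"], a["msg"])] += 1
        by_src[a["src"]] += 1
        if a["priority"] <= escalate_priority:
            escalate.append(a)
    return {"by_signature": by_sig, "by_source": by_src,
            "escalate": escalate, "unparsed": unparsed}


def report(result, top=5):
    """Render the summary as text: noisy signatures, noisy sources, then the escalations."""
    out = ["Top signatures:"]
    for (sid, msg), n in result["by_signature"].most_common(top):
        out.append(f"  {n:>6}  sid {sid}  {msg}")
    out.append("Top sources:")
    for src, n in result["by_source"].most_common(top):
        out.append(f"  {n:>6}  {src}")
    out.append(f"Escalate ({len(result['escalate'])}):")
    for a in result["escalate"]:
        out.append(f"  {a['ts']}  {a['src']} -> {a['dst']}  {a['msg']}")
    out.append(f"Unparsed lines: {result['unparsed']}")
    return "\n".join(out)


if __name__ == "__main__":
    # Replace SAMPLE_ALERTS with open('/var/log/snort/alert') in real use.
    print(report(summarize(SAMPLE_ALERTS.splitlines())))
```

The counters answer the "what is happening on my network" question TsVk! raises before anyone turns on blocking: a source that tops both lists is a tuning or investigation target, while the escalation list is the small set that justifies a ticket. The priority threshold is the knob a managed provider would tune for you; here it is explicit so the team can see what is being filtered out.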


#8 DungeonMaster

DungeonMaster

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 22 September 2016 - 01:15 PM

 

Difficult to find something reliable on Windows OS... 

I'd take a look at Snort or Suricata, but you need to go for a Linux box...

 

I run Snort on Windows machines. Runs fine.

 

 

I meant it's difficult to have a stable and reliable IPS gateway running a Windows OS.

In this case I'd prefer to run Snort on a *nix system and manage it as a real IPS. This means making it able to drop malicious packets automatically.

Moreover, on the same box you can run a Squid proxy server in parallel to filter your traffic further.


Edited by DungeonMaster, 22 September 2016 - 01:16 PM.


#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:01 AM

Posted 23 September 2016 - 08:39 AM

Snort is reliable and stable on Windows.




#10 DungeonMaster

DungeonMaster

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 23 September 2016 - 01:58 PM

Snort is reliable and stable on Windows.

What I mean is that I would never rely on a Windows system to build up a network security appliance.
And this is why most network security appliances have a different OS, and most of them are derived from Unix.
But I don't want to raise the topic "better Linux or better Windows"...

Edited by DungeonMaster, 23 September 2016 - 01:59 PM.


#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:01 AM

Posted 24 September 2016 - 03:42 PM

The OP is asking for a Windows solution.






