RE: CRIME Checkpoint versus Sonicwall

From: Andrew Plato (aplato@private)
Date: Fri Aug 30 2002 - 18:59:55 PDT


    > Nicholas Murphy wrote:
    >> I have not wanted to jump on this bandwagon, but here are my
    >> 2 cents. Let's say I am a small company with 10 to 150 employees and I
    >> know that the internet is a "dangerous" place and I have valuable data on
    >> my internal systems.
    >>
    >> Since my company has a very small IT budget (or no budget)
    >> because the powers that be do not want to spend money on technology,
    >> are most of you saying that this small company should just go without any
    >> IDS or firewall because they do not have the money for it?
    
    I would say that you need to prioritize your needs and I would agree with Crispin (mark this moment, it happens infrequently) that a firewall is probably priority one. 
    
    Were I to "prioritize" your company's computer security issues, it might look something like this.
    
    1. Firewalls and perimeter defense (including VPN/remote access)
    2. Centralized user accounts and access control lists
    3. System hardening (including virus scanning)
    4. Risk assessment & analysis
    5. Company/organizational security policies
    6. Intrusion detection and monitoring
    7. Vulnerability assessment
    8. System integrity
    9. Two-factor logon
    10. Process-level security
    11. PKI
    
    Now we could haggle over the order of such a list and I am sure others may add or delete items, but the idea is to prioritize needs and determine what is most important. IDS offers a lot of information about your systems, but it is a rather significant commitment. You can't just willy-nilly start throwing IDS on your network and expect immediate security. 
    
    IDS is also not a replacement for a firewall, virus scanning, system hardening, etc. Each one of these items has its value and each has its cost. I personally feel firewalls, system hardening, and virus scanning are more important than IDS. But, once you have those things, you're ready for IDS. And IDS will deliver a significant amount of insight into what is going on within your network and its perimeter (provided you install, use, and manage the IDSs properly).
    
    Furthermore, IDS does not need to cost a lot. Snort is free and can give you a lot of info. Heck, BlackICE Defender (a host-based IDS marketed as a "personal firewall") is $29.00 at Fry's and its IDS engine is a relative of the $50,000 engine inside RealSecure Network Sensor Gigabit.
    
    As for Anitian's solution...our goal is to fill the mammoth gap between expensive 24/7/365 monitoring (which often does not do any analysis work) and the vast void of NOTHING. After helping dozens of companies implement IDS and firewall solutions, I noticed that a lot of these places lacked the manpower and skills to effectively analyze and manage the data these systems were producing. 
    
    So rather than berate these customers for buying something they couldn't handle, I designed a service to handle some of the more monotonous maintenance, analysis, tuning, and updating aspects of these complex systems. Furthermore, we can make sure the systems are tuned to optimal settings, ensuring that any "middle of the night" pages are really an intrusion and not just a trigger-happy NOC operator who just lost his 5th round of Counter-Strike and decided to take his frustrations out on you and your poor IDSs.
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 20:03:58 PDT