[Cialug] Intrusion Detection/Prevention

[jaybabel at mchsi.com]

Tim, my company(Software Engineering Services) might be able to help you.  Ty
Kirk is a security analyst on my team (not a sales guy).  If you want to send Ty
an email and let him know what you're looking for, he can help you out without
throwing a sales pitch at you.  

Here's Ty's email address: tkirk at sessolutions.com

The company is based in Omaha but Ty and I are part of the Des Moines office.

Company Website: http://www.enterprisesecurityserv.com/

Jay



> Aaron Porter wrote:
> > On 12/9/05, *Nathan C. Smith* <smith at ipmvs.com <mailto:smith at ipmvs.com>> 
> > wrote:
> > 
> >     Anyone use anything?  I'm not sold on the concept - maybe I don't
> >     understand
> >     it.  If you lock everything down it shouldn't be an issue should
> >     it?  Don't
> >     you want to know about new attacks that were/are successful?
> > 
> > 
> > If a bank locks their vault at night, why have a security camera? IDS 
> > software can be really nice to keep an eye on your network; even if 
> > there is no hacking. I've run both Snort and Bro. Snort was nice because 
> > it was incredibly well supported and very well documented. Bro 
> > (http://bro-ids.org/) is nice because rather than matching an exploit 
> > string can watch for a regex, but the most valuable feature to me is 
> > that it watches for "strange" traffic. SMTP/ssh/etc on odd ports, 
> > strange tcp connection patterns, etc. Sometimes it sends me scrambling 
> > after a Skype user by accident, but it does a pretty good job of 
> > filtering alerts.
> 
> Does anyone locally do some consulting on this sort of stuff? I have 4 
> public-facing servers that I would like to have someone evaluate and 
> lock down to some extent.
> 
> Tim
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug