IDS/IPS question for the security pros

geek4god

So I was poking around on the websites doing rack rentals and noticed an IDS-4235 listed. Which got me thinking.. We are a small organization and I have looked at some of the open source IDS/IPS systems out there as IDS is not a huge issue for us (more a like to have) and our firewall has some IPS features. I checked eBay and the IDS-4235 can be had for $220. So I got to thinking about adding a Cisco IDS appliance. This would give me some good exposure to the technology, might help on down the road when looking for a job, and add some security to the network.
So are used Cisco appliances usable outside a lab? I ask as I am used to Barracuda and Astaro not letting you use their gear unless you bought it from them. Is Cisco the same way? I assume there is some sort of maintenance/update service I would have to buy to keep it updated, but is this even an option on old gear?

Last question, I don’t want to put something in a live environment that is going to bog down the network. I know the IDS-4235 is older; are there some newer and better options that won’t break the bank? I can call my CDW rep, but the last time I asked about a Cisco NAC the guy about wet himself and was all over me for a few weeks! I trust these boards so I thought I would start here..

You might need more information about us to make an educated recommendation. We have an Astaro ASG320 firewall and about 500 users. Nothing sexy, email and internet is primary focus, almost no VPN ect ect..

wastedtime

Well, I wouldn't use used gear in a live network unless it was certified by the manufacturer. Also the 4235 is past its end-of-life so Cisco has stopped putting out signatures and won't allow service and support for it once you get it.

If you are looking for cheap IDS monitoring you may want to set up a box and run bro or snort (or both) on it. While this is cheaper it does take a lot of work by comparison to get up and running from scratch.