Skip to main content

IDS

More
21 years 2 months ago #1154 by pndennie
IDS was created by pndennie
I am looking to adding some intusion detection. I will be making it linux based. ANy ides on a good one to use? I have started looking at snort :shock:
More
21 years 2 months ago #1159 by sahirh
Replied by sahirh on topic Re: IDS
Heres a link to one of the other posts to the same question
www.firewall.cx/modules.php?name=Forums&...mp;highlight=ids+eds

As you can see, snort got the thumbs up as the network IDS :), you can also run tripwire over any important hosts you have (I'm sure theres a windows port of tripwire if you need it).

The art is in where you place it, lots of people think you can just point it at all incoming traffic right behind the router, but if you generate a sizeable amount of traffic you're gonna be loading down the IDS, and often they end up skipping packets because they're busy processing. Not to mention you'll probably get way more false positives this way.

Identify your crown jewels (as crude as that might sound) and position it to protect them best.


Later,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
21 years 2 months ago #1190 by tfs
Replied by tfs on topic Re: IDS
The nice thing about Snort is there are a few books that you can peruse at the bookstore on the program. Give you an idea on what is involved and whether you want to go in that direction.

Just sit down, kick back, have a brew (tea or coffee, I'm sure), and spend an hour checking it out.

Thanks,

Tom
Time to create page: 0.139 seconds