- Posts: 29
- Thank you received: 0
IDS
21 years 2 months ago #1159
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Heres a link to one of the other posts to the same question
www.firewall.cx/modules.php?name=Forums&...mp;highlight=ids+eds
As you can see, snort got the thumbs up as the network IDS , you can also run tripwire over any important hosts you have (I'm sure theres a windows port of tripwire if you need it).
The art is in where you place it, lots of people think you can just point it at all incoming traffic right behind the router, but if you generate a sizeable amount of traffic you're gonna be loading down the IDS, and often they end up skipping packets because they're busy processing. Not to mention you'll probably get way more false positives this way.
Identify your crown jewels (as crude as that might sound) and position it to protect them best.
Later,
www.firewall.cx/modules.php?name=Forums&...mp;highlight=ids+eds
As you can see, snort got the thumbs up as the network IDS , you can also run tripwire over any important hosts you have (I'm sure theres a windows port of tripwire if you need it).
The art is in where you place it, lots of people think you can just point it at all incoming traffic right behind the router, but if you generate a sizeable amount of traffic you're gonna be loading down the IDS, and often they end up skipping packets because they're busy processing. Not to mention you'll probably get way more false positives this way.
Identify your crown jewels (as crude as that might sound) and position it to protect them best.
Later,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
21 years 2 months ago #1190
by tfs
Thanks,
Tom
The nice thing about Snort is there are a few books that you can peruse at the bookstore on the program. Give you an idea on what is involved and whether you want to go in that direction.
Just sit down, kick back, have a brew (tea or coffee, I'm sure), and spend an hour checking it out.
Just sit down, kick back, have a brew (tea or coffee, I'm sure), and spend an hour checking it out.
Thanks,
Tom
Time to create page: 0.139 seconds