IDS

I am looking to adding some intusion detection. I will be making it linux based. ANy ides on a good one to use? I have started looking at snort :shock:

Heres a link to one of the other posts to the same question
www.firewall.cx/modules.php?name=Forums&...mp;highlight=ids+eds

As you can see, snort got the thumbs up as the network IDS , you can also run tripwire over any important hosts you have (I'm sure theres a windows port of tripwire if you need it).

The art is in where you place it, lots of people think you can just point it at all incoming traffic right behind the router, but if you generate a sizeable amount of traffic you're gonna be loading down the IDS, and often they end up skipping packets because they're busy processing. Not to mention you'll probably get way more false positives this way.

Identify your crown jewels (as crude as that might sound) and position it to protect them best.


Later,

The nice thing about Snort is there are a few books that you can peruse at the bookstore on the program. Give you an idea on what is involved and whether you want to go in that direction.

Just sit down, kick back, have a brew (tea or coffee, I'm sure), and spend an hour checking it out.