[Dshield] IPS/IDS solutions--your opinions?

Albert Gonzalez albertg at cerveau.us
Sun Jan 27 18:18:30 GMT 2008


More often than not, IDSes are good at finding misconfigured devices and/or scripts. You will use your sensors for so much more than just monitoring for potentially malicious activity.

--
Success comes to the person who does today, what you are thinking of doing tomorrow 

-----Original Message-----
From: Scott Melnick <duckie37 at gmail.com>
Sent: Wednesday, January 23, 2008 11:31 AM
To: General DShield Discussion List <list at lists.dshield.org>
Subject: Re: [Dshield] IPS/IDS solutions--your opinions?

I agree that the Snort solution sounds like it will work for you very well.

Just like running Snoop on Cisco's IDS, you can jump on the Snort box and run
tcpdump or, better yet, write your own customized Snort rule for specific
situations. I've done this many times and utilized my Snort boxes for
gathering other network data other than IPS/IDS.

Even with Sourcefire's 3D commercial product you can add your own rules and
add rules that suit your needs from the OpenSource community.

Alerts will also show you the packets it captured so you can analyze the
threat.




Scott Melnick