[Dshield] Security in Layers
Johannes B. Ullrich
jullrich at sans.org
Wed Mar 24 22:55:22 GMT 2004
Couple remarks about Snort:
It is very much my favorite IDS. I think it will work great
in your spot.
To get the most out of it:
- take the time to learn about how Snort signatures are
written. Without customizing the default signatures, Snort
doesn't do much good.
- get yourself a decent frontend. ACID is ok. I have started
using 'sguil' recently (last week ;-)) for my home network,
and it is so far worth the pain of installing it.
Any IDS requires good tuning to be useful. Putting it behind
a firewall, like you are planning to do, should make it possible
to tailor it just to your network.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm