[Dshield] Security in Layers

Johannes B. Ullrich jullrich at sans.org
Wed Mar 24 22:55:22 GMT 2004


> www.snort.org

A couple of remarks about Snort:

It is very much my favorite IDS. I think it will work great
in your spot.

To get the most out of it:
- Take the time to learn about how Snort signatures are
  written. Without customizing the default signatures, Snort
  doesn't do much good.
- Get yourself a decent frontend. ACID is OK. I have started
  using 'sguil' recently (last week ;-)) for my home network,
  and it is so far worth the pain of installing it.

Any IDS requires good tuning to be useful. Putting it behind
a firewall, like you are planning to do, should make it possible
to tailor it just to your network.






-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm