[Dshield] Security in Layers

Pete Cap peteoutside at yahoo.com
Thu Mar 25 01:38:35 GMT 2004


I see some folks have recommended SNORT.  It's a
perfect place to start, but let me also add that there
are plenty of white papers on how to set up the
standard SNORT + MySQL solution for signature-based
intrusion detection.

The SANS reading room at http://www.sans.org/rr/ is an
excellent place to begin your research.



--- Graham Dodd <g.dodd at falk-ross.de> wrote:
> Hello all,
> I want to add another layer to our network security and would appreciate
> advice from the list.
> Our setup is Cisco Router with appropriate ACLs, Linux firewall, DMZ for
> mail server (running 2 x AV and SA), and webshop, and our internal network.
> I would like to put a "box" on the internal network to watch for any
> unauthorized activity, either someone who got through the outside, or a
> worm doing its dirty work from the inside.
> My preference would be a Linux computer, but my main problem is I don't know
> what software to run to provide the best detection. I don't want to start a
> "mine is better than yours war" I would just like your experiences and
> working solutions.
> Thank you for any assistance,
> Graham
> Graham K. Dodd
> Director of Operations
> Falk & Ross GmbH

