[Dshield] Security in Layers

Pete Cap peteoutside at yahoo.com
Thu Mar 25 01:38:35 GMT 2004


Graham,

I see some folks have recommended SNORT.  It's a
perfect place to start, but let me also add that there
are plenty of white papers on how to set up the
standard SNORT + MySQL solution for signature-based
intrusion detection.

The SANS reading room at http://www.sans.org/rr/ is an
excellent place to begin your research.

Regards,

Pete

--- Graham Dodd <g.dodd at falk-ross.de> wrote:
> Hello all,
> 
> I want to add another layer to our network security
> and would appreciate
> advice from the list.
> 
> Our setup is Cisco Router with appropriate ACLs,
> Linux firewall, DMZ for
> mail server (running 2 x AV and SA), and webshop,
> and our internal network.
> 
> I would like to put a "box" on the internal network
> to watch for any
> unauthorized activity, either someone who got
> through the outside, or a
> worm doing its dirty work from the inside.
> 
> My preference would be a Linux computer, but my main
> problem is I don't know
> what software to run to provide the best detection.
> I don't want to start a
> "mine is better than yours war"; I would just like
> your experiences and
> working solutions.
> 
> 
> Thank you for any assistance,
> 
> Graham
> 
> Graham K. Dodd
> Director of Operations
> Falk & Ross GmbH
> 

