IIS and Snort
From: Brian Carvalho (brian.carvalho@verizon.net)
Date: 09/20/01
- Previous message: James Murray: "Re: New problem"
- Next in thread: Kelley, John: "RE: IIS and Snort"
- Reply: Kelley, John: "RE: IIS and Snort"
- Reply: McCammon, Keith: "RE: IIS and Snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <003901c14159$153e8c40$1993c7c6@herzog.com>
From: "Brian Carvalho" <brian.carvalho@verizon.net>
To: <focus-ids@securityfocus.com>
Subject: IIS and Snort
Date: Wed, 19 Sep 2001 18:18:59 -0400
My company has an IIS 5 webserver sitting on the perimeter of
its network. I have done my best to disable and remove just about
every possible service, program and other file that is not needed;
in my novice eyes, I believe I have a bastion host.
I would like to set up some sort of IDS to monitor for this server.
What would be the best solution here? I was thinking of
Snort because I've heard so much good praise about it, and
because it's free.
I have some questions I hope you can shed some light on
to get me moving up to speed...
Would Snort be a good choice for my application?
Are there specific Snort rulesets for IIS?
Is there any way to send alerts with Snort?
Should I monitor on the actual server or from an admin
machine?
Any help you can give me would be appreciated...
Thank you.