Re: newbie quetsions
ken_i_m_at_elegantinnovations.net
Date: 12/28/04
- Previous message: Terry N.: "Re: Intrushield vs ISS"
- In reply to: Andrey Todorov: "newbie quetsions"
- Next in thread: Fabien Degouet: "Re: newbie quetsions"
Date: Mon, 27 Dec 2004 22:57:15 -0700
To: focus-ids@securityfocus.com
On Fri, Dec 24, 2004 at 04:07:30PM +0100, Andrey Todorov (andreyt@gawab.com) wrote:
> I tried several times to subscribe myself to "Security Basics" mailing
> list to ask my questions,
[...]
> 1. Do I need IDS?
> 2. What do you think about Snort? Can I find easy maintainable
> free/opensource IDS than Snort?
> 3. What IDS literature should I read?
Your questions indicate that you need to try harder at getting on the
"Security Basics" mailing list. :-)
Security is a tradeoff. -- Bruce Schneier
Have you done all the basics first? They are basics because they are
the kinds of things that give the most bang for the buck. You mention a
firewall box, good. Has it been hardened? Do you have a good backup
plan? Do you have a good restoration from backup plan? Are the
systems fully patched? You need to ask and answer yourself these and
other such system administration type questions.
Then if you are still concerned you need to do a risk assessment. Who
are you defending against? Script kiddies? Well-financed criminals?
The NSA? Is assuring availability of the systems worth the large
additional effort of running an IDS for the marginal net gain? You may
find that your energy is better spent on file integrity and backup.
Every situation is different and you need to understand the basics so
that you can evaluate these for yourself. Or hire a consultant that you
trust to ask and answer these questions for you.
--
I reason and act, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495