Re: newbie questions

ken_i_m_at_elegantinnovations.net
Date: 12/28/04

    Date: Mon, 27 Dec 2004 22:57:15 -0700
    To: focus-ids@securityfocus.com
    
    

    On Fri, Dec 24, 2004 at 04:07:30PM +0100, Andrey Todorov (andreyt@gawab.com) wrote:
    > I tried several times to subscribe myself to "Security Basics" mailing
    > list to ask my questions,
    [...]
    > 1. Do I need IDS?
    > 2. What do you think about Snort? Can I find easy maintainable
    > free/opensource IDS than Snort?
    > 3. What IDS literature should I read?

    Your questions indicate that you need to try harder at getting on the
    "Security Basics" mailing list. :-)

    Security is a tradeoff. -- Bruce Schneier

    Have you done all the basics first? They are basics because they are
    the kinds of things that give the most bang for the buck. You mention a
    firewall box, good. Has it been hardened? Do you have a good backup
    plan? Do you have a good restoration-from-backup plan? Are the
    systems fully patched? You need to ask and answer yourself these and
    other such system administration type questions.

    Then if you are still concerned you need to do a risk assessment. Who
    are you defending against? Script kiddies? Well-financed criminals?
    The NSA? Is assuring availability of the systems worth the large
    additional effort of running an IDS for the marginal net gain? You may
    find that your energy is better spent on file integrity and backup.
    Every situation is different and you need to understand the basics so
    that you can evaluate these for yourself. Or hire a consultant that you
    trust to ask and answer these questions for you.

    -- 
    I reason and act, therefore, ken_i_m
    Chief Gadgeteer, Elegant Innovations
    Founder, Bozeman Linux Users Group
    (406) 581-0495