Re: New to Snort !!!
Doug.Janelle_at_Thermo.com
Date: 06/01/05
- Previous message: Andrew Plato: "RE: IDS\IPS that can handle one Gig"
- Maybe in reply to: Justin.Ross_at_signalsolutionsinc.com: "Re: New to Snort !!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Justin.Ross@signalsolutionsinc.com Date: Wed, 1 Jun 2005 12:12:07 -0400
Justin.Ross wrote:
> my advice would be to place [the IDS] inside your
> edge device, or behind your firewall. You won't see
> external attacks to your firewall, but you will see
> how/what attacks are coming through your edge and
> into your "trusted" network,
I couldn't agree more, Justin. There's really not a whole
lot one can do about all the miscreants banging on the
door, so inundating your analysts with huge amounts of
data on attacks they can't do anything about only dulls
thier senses and dilutes the value of the data. Moving the
sensor inside improves the signal-to-noise dramatically.
You get the most value from knowing who got past your first
line of defence, and who's trying to get back out.
dcj2
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Previous message: Andrew Plato: "RE: IDS\IPS that can handle one Gig"
- Maybe in reply to: Justin.Ross_at_signalsolutionsinc.com: "Re: New to Snort !!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
