Re: New to Snort !!!

Doug.Janelle_at_Thermo.com
Date: 06/01/05

  • Next message: Peter Schawacker: "RE: IDS\IPS that can handle one Gig"
    To: Justin.Ross@signalsolutionsinc.com
    Date: Wed, 1 Jun 2005 12:12:07 -0400
    
    

    Justin.Ross wrote:

    > my advice would be to place [the IDS] inside your
    > edge device, or behind your firewall. You won't see
    > external attacks to your firewall, but you will see
    > how/what attacks are coming through your edge and
    > into your "trusted" network,

    I couldn't agree more, Justin. There's really not a whole
    lot one can do about all the miscreants banging on the
    door, so inundating your analysts with huge amounts of
    data on attacks they can't do anything about only dulls
    thier senses and dilutes the value of the data. Moving the
    sensor inside improves the signal-to-noise dramatically.
    You get the most value from knowing who got past your first
    line of defence, and who's trying to get back out.

    dcj2

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------


  • Next message: Peter Schawacker: "RE: IDS\IPS that can handle one Gig"

    Relevant Pages

    • Re: Hacking to Xp box
      ... I think there was a misunderstanding in the firewall point: ... you need to find some vulnerability that could be exploited to run ... > restricts most of the attacks that use anonymous connections. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ...
      (Pen-Test)
    • Re: Hacking to Xp box
      ... I think there was a misunderstanding in the firewall point: ... you need to find some vulnerability that could be exploited to run ... > restricts most of the attacks that use anonymous connections. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ...
      (Pen-Test)
    • RE: Hacking to Xp box
      ... I think there was a misunderstanding in the firewall point: ... Regarding ICMP backdoors, this technique was first use by some skilled guy ... you need to find some vulnerability that could be exploited to run ... > restricts most of the attacks that use anonymous connections. ...
      (Pen-Test)
    • Re: Hacking to Xp box
      ... I think there was a misunderstanding in the firewall point: ... you need to find some vulnerability that could be ... > restricts most of the attacks that use anonymous connections. ... > Audit your website security with Acunetix Web Vulnerability ...
      (Pen-Test)
    • Re: Can I protect myself against network attacks?
      ... I consider the SP2 PFW "half a firewall", and many I've read say it ... or listening in, and no virus or trojans from a system scan via KAV. ... After all, the attacks did ...
      (comp.security.firewalls)