Re: Snort IDS
From: Bennett Todd (bet@rahul.net)Date: 09/24/02
- Previous message: Craig Humphrey: "RE: IIS listens to port 80 on 0.0.0.0"
- In reply to: hejimenez@bancoagricola.com: "Snort IDS"
- Next in thread: Brad Arlt: "Re: Snort IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Sep 2002 16:28:58 -0400 From: Bennett Todd <bet@rahul.net> To: hejimenez@bancoagricola.com
2002-09-23-18:07:29 hejimenez@bancoagricola.com:
> I'm an EDP auditor and I want to know some commentaries about the
> use of Snort IDS...I'de like to know if anyone recommend it and if
> it's a good choice to install in a financial organization.
I'm a security analyst working in a financial organization.
At this and previous such I've installed Snort IDS sensors.
Snort is among the best of the IDS systems. Different systems have
different strengths, but if the deploying organization has the
expertise to configure and manage snort systems, you can get a very
good coverage that way. Snort sigs are developed and maintained
quite aggressively. The tool itself is sound.
_Any_ IDS deployment requires an appropriate amount of expertise.
Exactly what expertise is required in what fields will vary from one
IDS to another; that's often the most important determinant of which
one is best for a given organization.
You might want to read back issues of the focus-ids mailing list,
also right here at SecurityFocus. Also, there's a very fine
snort-users mailing list with archives reaching back years, it's
linked off www.snort.org.
-Bennett
- application/pgp-signature attachment: stored
- Previous message: Craig Humphrey: "RE: IIS listens to port 80 on 0.0.0.0"
- In reply to: hejimenez@bancoagricola.com: "Snort IDS"
- Next in thread: Brad Arlt: "Re: Snort IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
