[Cialug] Intrusion Detection/Prevention
Aaron Porter
atporter at gmail.com
Fri Dec 9 15:14:28 CST 2005
On 12/9/05, Nathan C. Smith <smith at ipmvs.com> wrote:
>
> Anyone use anything? I'm not sold on the concept - maybe I don't
> understand
> it. If you lock everything down it shouldn't be an issue should
> it? Don't
> you want to know about new attacks that were/are successful?
>
If a bank locks their vault at night, why have a security camera? IDS
software can be really nice to keep an eye on your network; even if there is
no hacking. I've run both Snort and Bro. Snort was nice because it was
incredibly well supported and very well documented. Bro (http://bro-ids.org/)
is nice because rather than matching an exploit string can watch for a
regex, but the most valuable feature to me is that it watches for "strange"
traffic. SMTP/ssh/etc on odd ports, strange tcp connection patterns, etc.
Sometimes it sends me scrambling after a Skype user by accident, but it does
a pretty good job of filtering alerts.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/cialug/attachments/20051209/8d1fd84b/attachment.htm
More information about the Cialug
mailing list