[Cialug] Intrusion Detection/Prevention
Tim Perdue
tim at perdue.net
Fri Dec 9 15:32:23 CST 2005
Aaron Porter wrote:
> On 12/9/05, Nathan C. Smith <smith at ipmvs.com> wrote:
>
> > Anyone use anything? I'm not sold on the concept - maybe I don't
> > understand it. If you lock everything down it shouldn't be an issue
> > should it? Don't you want to know about new attacks that were/are
> > successful?
>
> If a bank locks their vault at night, why have a security camera? IDS
> software can be really nice to keep an eye on your network; even if
> there is no hacking. I've run both Snort and Bro. Snort was nice because
> it was incredibly well supported and very well documented. Bro
> (http://bro-ids.org/) is nice because rather than matching an exploit
> string it can watch for a regex, but the most valuable feature to me is
> that it watches for "strange" traffic. SMTP/ssh/etc on odd ports,
> strange tcp connection patterns, etc. Sometimes it sends me scrambling
> after a Skype user by accident, but it does a pretty good job of
> filtering alerts.
Does anyone locally do some consulting on this sort of stuff? I have 4
public-facing servers that I would like to have someone evaluate and
lock down to some extent.
Tim
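The two behaviours Aaron describes above (a known service showing up on a port where it does not belong, and "strange" connection patterns from one host) are easy to express as small detectors over connection records. The following is an added example written for this archive page; it is not Bro or Snort code, and the log lines, the expected-port policy and the allowlisted host are all constructed for the illustration. The record layout loosely mimics a connection log where `service` was identified by payload inspection rather than by port number, which is what lets the first detector notice SMTP on port 2525 or SSH on 443; the allowlist shows the kind of tuning that keeps a known, accepted oddity (the "Skype user" problem) from paging anyone.

```python
"""Two tiny IDS-style detectors over constructed connection records.

Added example, not Bro/Zeek or Snort code. Port policy, allowlist and
log lines are assumptions made up for this illustration.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Ports on which each content-identified service is expected at this site.
# Assumption: this is a site policy for the example, not a universal rule.
EXPECTED_PORTS: Dict[str, Set[int]] = {
    "smtp": {25, 465, 587},
    "ssh": {22},
    "http": {80, 8080},
}

# Hosts whose odd-port traffic is known and accepted; alerts from them are
# suppressed, the way an analyst tunes an IDS after chasing false positives.
ALLOWLIST: Set[str] = {"10.0.0.42"}

# Constructed sample log (tab-separated): ts, src, dst, dst_port, proto, service.
# "-" means no service could be identified from the payload.
SAMPLE_LOG = """\
1134160000.1\t10.0.0.5\t192.0.2.10\t25\ttcp\tsmtp
1134160001.4\t10.0.0.5\t192.0.2.10\t2525\ttcp\tsmtp
1134160002.0\t10.0.0.7\t192.0.2.11\t22\ttcp\tssh
1134160003.2\t10.0.0.8\t192.0.2.11\t443\ttcp\tssh
1134160003.9\t10.0.0.42\t192.0.2.11\t8022\ttcp\tssh
1134160004.9\t10.0.0.9\t192.0.2.12\t80\ttcp\thttp
1134160005.1\t10.0.0.9\t192.0.2.12\t81\ttcp\t-
1134160005.2\t10.0.0.9\t192.0.2.12\t82\ttcp\t-
1134160005.3\t10.0.0.9\t192.0.2.12\t83\ttcp\t-
1134160005.4\t10.0.0.9\t192.0.2.12\t84\ttcp\t-
"""


def parse_conn_log(text: str) -> List[dict]:
    """Parse tab-separated connection records into dicts; skip blanks/comments."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, service = line.split("\t")
        records.append({
            "ts": float(ts), "src": src, "dst": dst,
            "dport": int(dport), "proto": proto, "service": service,
        })
    return records


def odd_port_services(records: List[dict],
                      expected: Dict[str, Set[int]] = EXPECTED_PORTS,
                      allowlist: Set[str] = ALLOWLIST
                      ) -> List[Tuple[str, str, int, str]]:
    """Flag connections whose identified service is on a non-expected port."""
    alerts = []
    for r in records:
        ports = expected.get(r["service"])
        if ports is None or r["dport"] in ports:
            continue                      # unknown service or normal port
        if r["src"] in allowlist:
            continue                      # accepted exception, stay quiet
        alerts.append((r["src"], r["dst"], r["dport"], r["service"]))
    return alerts


def fan_out_suspects(records: List[dict], threshold: int = 4) -> Dict[str, int]:
    """Flag sources touching at least `threshold` distinct (dst, port) pairs.

    A crude stand-in for the 'strange tcp connection patterns' heuristic:
    one client walking many ports on a server is worth a look.
    """
    seen: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for r in records:
        seen[r["src"]].add((r["dst"], r["dport"]))
    return {src: len(pairs) for src, pairs in seen.items()
            if len(pairs) >= threshold}


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_LOG)
    for alert in odd_port_services(recs):
        print("service on odd port:", alert)
    for src, n in fan_out_suspects(recs).items():
        print("fan-out from", src, "to", n, "distinct dst:port pairs")
```

Running it reports SMTP on 2525 and SSH on 443, stays silent about the allowlisted host on 8022, and singles out 10.0.0.9 for touching five ports on one server. Real tools do the same thing with far better service identification and state tracking; the point of the sketch is that the alert value comes from comparing observed behaviour to an expectation, not from matching a known exploit string.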