[Cialug] Intrusion Detection/Prevention
Josh More
morej at alliancetechnologies.net
Mon Dec 12 09:18:23 CST 2005
Tim,
If you are interested, I believe that I can help you out. I do security,
best practice, and Linux consulting for Alliance Technologies. If you are
interested, give me a call, and we can discuss how much assistance you need,
what levels of security are important to you, and how best we can help you.
--
-Josh More, RHCE, CISSP, NCLP
morej at alliancetechnologies.net
515-245-7701
>>>tim at perdue.net 12/09/05 3:32 pm >>>
Aaron Porter wrote:
>On 12/9/05, *Nathan C. Smith* <smith at ipmvs.com> wrote:
>
> Anyone use anything? I'm not sold on the concept - maybe I don't
> understand it. If you lock everything down it shouldn't be an issue
> should it? Don't you want to know about new attacks that were/are
> successful?
>
>
>If a bank locks their vault at night, why have a security camera? IDS
>software can be really nice to keep an eye on your network; even if
>there is no hacking. I've run both Snort and Bro. Snort was nice because
>it was incredibly well supported and very well documented. Bro
>(http://bro-ids.org/) is nice because rather than matching an exploit
>string it can watch for a regex, but the most valuable feature to me is
>that it watches for strange traffic. SMTP/ssh/etc on odd ports,
>strange tcp connection patterns, etc. Sometimes it sends me scrambling
>after a Skype user by accident, but it does a pretty good job of
>filtering alerts.
Does anyone locally do some consulting on this sort of stuff? I have 4
public-facing servers that I would like to have someone evaluate and
lock down to some extent.
Tim