Security Basics mailing list archives

Re: Discussion about IDS's


From: Gonzalo Martinez <karmax () gmail com>
Date: Thu, 14 Jul 2005 02:25:30 -0300

Hello Juan

        On 7/12/05, Juan B <juanbabi () yahoo com> wrote:
        > I configured and am using snort IDS with 7 sensors. I
        > just can't get rid of the false positives... is it a lot of
        > maintenance or is it just me?

The maintenance is _REALLY_ variable; it depends on the config, among other things.
I always think "if you don't need it, don't install it"... but well, if
you want, you can install ACID and MySQL, to have a "fancy" show for
the snort output.

        > Is it true that in some firms there is a dedicated
        > person for the IDS system?

Some networks have a dedicated person, but it depends on the traffic,
rules, security, etc.
I have never had a person working with me who only had the task of
analyzing that. Try SNORT with ACID and MySQL; I think that it will make
things easier.

Good luck

--
Gonzalo Martinez
Jabber: KarMax () jabber org

