Security Basics mailing list archives
Re:NIDS
From: Juan B <juanbabi () yahoo com>
Date: Fri, 10 Jun 2005 10:32:45 -0700 (PDT)
Hi, before deploying an IDS you should know that this kind of system needs a lot of maintenance. Setting up and configuring the sensors is not a big deal; it is the alert handling that needs to be configured. When you first install and start to receive alerts you will receive many false positive alerts on your machines. In large firms there is a dedicated employee whose only task is to handle this system.

Also consider having a very strong management server to handle all the alerts (a MySQL server most of the time). Use Snort as an IDS system. You will need a signature handling application, which you can find at www.activework.org.

Also be sure to armor the sensors before plugging them into the network. I would put a sensor in the DMZ and in each network segment, but not between the router and the firewall; it will just fill your management server with a lot of useless alerts.

Remember: false positives are the number 1 problem with IDSs.

Hope it helped.

Juan Fernandez
Security Engineer
Tel: +972-52-4306781
MCSE CCNA CCSA SCSA
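As an added illustration of the alert-handling problem the reply describes (not code from the original post or from the Snort project): a small triage script that parses Snort 2.x alert_fast lines, counts alerts per signature, and separates single-source noise (the kind a monitoring host generates, which a threshold.conf suppress entry can silence) from signatures firing from many hosts, which need a rule review instead. The alert lines, rule SIDs and addresses are constructed sample data, and the noise threshold is an assumed value.

```python
import re
from collections import defaultdict

# One line of Snort 2.x "alert_fast" output: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, and "src[:port] -> dst[:port]".
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

# Constructed sample alerts (not captured traffic): a monitoring poller trips a local ICMP
# rule on every poll, while a web rule fires twice from two distinct external hosts.
SAMPLE_ALERTS = [
    f"06/10-10:0{i}:00.000000  [**] [1:1000001:1] LOCAL ICMP echo from monitoring poller [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.2 -> 10.0.1.20"
    for i in range(8)
] + [
    "06/10-10:12:05.123456  [**] [1:1000002:2] LOCAL WEB /etc/passwd in URI [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44120 -> 10.0.1.20:80",
    "06/10-10:31:19.654321  [**] [1:1000002:2] LOCAL WEB /etc/passwd in URI [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.9:51022 -> 10.0.1.20:80",
]

def parse_alert(line):
    """Return the alert's named fields as a dict, or None if the line is not alert_fast output."""
    m = FAST_ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def aggregate(lines):
    """Group alerts by (gid, sid): message text, alert count, and the set of source IPs seen."""
    stats = defaultdict(lambda: {"msg": "", "count": 0, "srcs": set()})
    for a in filter(None, (parse_alert(line) for line in lines)):  # non-alert lines are dropped
        entry = stats[(int(a["gid"]), int(a["sid"]))]
        entry["msg"] = a["msg"]
        entry["count"] += 1
        entry["srcs"].add(a["src"])
    return stats

def noisy_signatures(lines, max_alerts=5):
    """Signatures firing more than max_alerts times, busiest first: ((gid, sid), msg, count, distinct sources)."""
    noisy = [(k, v["msg"], v["count"], len(v["srcs"])) for k, v in aggregate(lines).items() if v["count"] > max_alerts]
    return sorted(noisy, key=lambda t: -t[2])

def suppress_lines(lines, max_alerts=5):
    """threshold.conf 'suppress' entries for noisy signatures that all come from one host (assumed threshold)."""
    return [
        f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {next(iter(v['srcs']))}"
        for (gid, sid), v in aggregate(lines).items()
        if v["count"] > max_alerts and len(v["srcs"]) == 1
    ]
```

Running the script over a real alert file is a matter of passing `open("alert")` as `lines`; the web rule, firing from two unrelated hosts, is deliberately left out of the suppress output.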