Security Basics mailing list archives
RE: NIDS
From: "Smith, Ryan" <Ryan.Smith () MWAA com>
Date: Fri, 10 Jun 2005 12:08:30 -0400
Hi, The following link is a gold mine on all things IDS (at least in my opinion). http://www.honeypots.net/ids/links Hands down snort is probably the most famous intrusion detection system. www.snort.org As far as scenarios go, I think it is a good idea to place a sensor before and directly behind your firewall. This acts as a sanity check on how well your firewall is doing. Also if you have a dmz you definetly want a ids sensor there because your dmz (in therory) should not be initiating any type of connections. And then lastly place a sensor on your segments that you feel have critital resources (in my case at work HIPAA data). These are just my two cents based on my experiences in the field thus far. Hth Ryan Smith -----Original Message----- From: Sudheer Reddy Vakati [mailto:svakati () gmail com] Sent: Friday, June 10, 2005 2:56 AM To: security-basics () securityfocus com Subject: NIDS Hi, I am trying to learn more about NIDS. I am looking for information on deployment scenarios. Can someone point me links that give me variuos deployment scenarios? What are the most popular network based intrusion detection systems ? Can someone also point me links to them ? Regards, V. Sudheer Reddy