Security Basics mailing list archives

RE: NIDS

From: "Smith, Ryan" <Ryan.Smith () MWAA com>
Date: Fri, 10 Jun 2005 12:08:30 -0400

Hi,

The following link is a gold mine on all things IDS (at least in my
opinion).
http://www.honeypots.net/ids/links

Hands down snort is probably the most famous intrusion detection system.
www.snort.org

As far as scenarios go, I think it is a good idea to place a sensor
before and directly behind your firewall.  This acts as a sanity check
on how well your firewall is doing.  Also if you have a dmz you
definetly want a ids sensor there because your dmz (in therory) should
not be initiating any type of connections.  And then lastly place a
sensor on your segments that you feel have critital resources (in my
case at work HIPAA data). These are just my two cents based on my
experiences in the field thus far.

Hth

Ryan Smith

-----Original Message-----
From: Sudheer Reddy Vakati [mailto:svakati () gmail com] 
Sent: Friday, June 10, 2005 2:56 AM
To: security-basics () securityfocus com
Subject: NIDS

Hi,
I am trying to learn more about NIDS.
I am looking for information on deployment scenarios. Can someone point
me links that give me variuos deployment scenarios?
What are the most popular network based intrusion detection systems ?
Can someone also point me links to them ?

Regards,
V. Sudheer Reddy

Current thread:

NIDS Sudheer Reddy Vakati (Jun 10)
- Re: NIDS Mitchell Rowton (Jun 13)
- RE: NIDS Carl Tucker (Jun 21)
- <Possible follow-ups>
- RE: NIDS Smith, Ryan (Jun 10)
- Re:NIDS Juan B (Jun 13)