Security Basics mailing list archives

RE: Is snort an overkill for desktop only environment ?


From: "Jason Hurst" <Jason.Hurst () PandaRG com>
Date: Mon, 26 Oct 2009 09:58:57 -0700

Hi Martin,

I believe you are taking the wrong approach to the situation.

Installing an IDS/IPS solution is not about whether or not your systems are traditional desktops or servers, but about 
the sensitivity of your data and where it rests and travels.

Are you storing or processing sensitive information, such as Social Security Numbers or Credit Cards? Or is it data 
that is not that sensitive, maybe you just process public press releases....

You should try and figure out how sensitive the data you have is and how motivated the "bad guys" are to get it.
 
Jason Hurst
Sr. Network Security Administrator
Panda Restaurant Group
jason.hurst () pandarg com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of martin
Sent: Saturday, October 24, 2009 11:54 AM
To: security-basics () securityfocus com
Subject: Fwd: Is snort an overkill for desktop only environment ?

Anybody have any thoughts at all?


---------- Forwarded message ----------
From: martin <martiniscool () gmail com>
Date: 2009/10/22
Subject: Is snort an overkill for desktop only environment ?
To: security-basics () securityfocus com


Hi all

I've been reading up on IDP recently, and particularly started looking
at snort.  I'm considering suggesting to my boss that we install it at
a small branch office I'm based at.  However, all that we have at the
branch office are a few desktop PCs, a firewall, switch, and a
printer.  Our DC, file server etc, is at head office and accessed
using a VPN.

Is it worth installing IDP in a simplified environment such as this?
Or is it designed for more "complex" environments which have more
resources such as file servers, web servers etc ??

Also, currently we wouldn't have anything in the budget to pay for the
$500 rule subscription for one sensor - so all the rules we would be
getting would be 30 days old.  Is it worth having an IDP with rules
that are this old ?  Are they still of any value ?  I'm thinking back
to the Conficker threat last year - I know there was a Snort rule for
it, but without the subscription, we wouldn't have gotten it for 30
days.  So it would have been pretty much too late in that case.

I know that we can write our own rules, but I don't think anybody
would have time to do that.  So we'd be relying on what rules get
downloaded.

Any feedback would be greatly appreciated

thanks in advance
M
