IDS mailing list archives

Re: newbie questions


From: GuidoZ <uberguidoz () gmail com>
Date: Tue, 28 Dec 2004 00:33:00 -0500

> Hi People,

Greetings. =)

> I tried several times to subscribe myself to "Security Basics" mailing
> list to ask my questions, but didn't succeed. Excuse me if my questions
> aren't adequate to "Focus IDS" mailing list!

If it made it past the mods, then it's obviously welcome. ;) So no
worries at all.

[snip]
>     1. Do I need IDS?

That's a loaded question. No one *needs* an IDS, though it certainly
comes in handy if you want to be proactive about your network
security. =P I'd recommend it if you're curious or concerned about
InfoSec, yes.

>     2. What do you think about Snort? Can I find easy maintainable
> free/opensource IDS than Snort?

Snort is an extremely well designed, full featured IDS package. It's
pretty easy to set up and get the basics running, plus it could be done
on the hardware you have available, assuming you don't use massive
amounts of bandwidth. I wouldn't bother to look any further if you're
just starting out with an IDS. Snort should do everything you need to
have done and it's widely supported with tech support available all
over (including on this list).

>     3. What IDS literature should I read?

Well, if you're going to be using Snort, then I'd highly recommend the
user manual[1] as a good place to start. ;) There are also a variety
of different FAQs, Reviews, and information on IDS in general out
there. Some good beginning (but thorough) reading can be found at
SANS[2]. WindowsSecurity.com also has a nice writeup[3].

Beyond those, pop over to Google and do some hunting. Searching for
things like "IDS FAQ" or "what is IDS" will reveal hours of worthwhile
reading. =)

[1] - http://www.snort.org/docs/writing_rules/chap1.html
[2] - http://www.sans.org/resources/idfaq/
[3] - http://www.windowsecurity.com/faqs/Intrusion_Detection/

--
Peace. ~G


On Fri, 24 Dec 2004 16:07:30 +0100, Andrey Todorov <andreyt () gawab com> wrote:
Hi People,
I tried several times to subscribe myself to "Security Basics" mailing
list to ask my questions, but didn't succeed. Excuse me if my questions
aren't adequate to "Focus IDS" mailing list!

I'll be very grateful if you share your opinion with me for the
following situation. I have a small network (5 PCs) behind one Linux box
(iptables firewall, Pentium I 166MHz, 32MB RAM, 4GB HDD) and want to
increase security for this network.

    1. Do I need IDS?
    2. What do you think about Snort? Can I find easy maintainable
free/opensource IDS than Snort?
    3. What IDS literature should I read?

Thank you in advance!

Andrey
