IDS mailing list archives
Re: newbie quetsions
From: GuidoZ <uberguidoz () gmail com>
Date: Tue, 28 Dec 2004 00:33:00 -0500
Hi People,
Greetings. =)
I tried several times to subscribe myself to "Security Basics" mailing list to ask my questions, but didn't succeed. Excuse me if my questions aren't adequate to "Focus IDS" mailing list!
If it made it past the mods, then it's obviously welcome. ;) So no worries at all. [snip]
1. Do I need IDS?
That's a loaded question. No one *needs* an IDS, though it certainly comes in handy if you want to be proactive about your network security. =P I'd recommend it if you're curious or concerned about InfoSec, yes.
2. What do you think about Snort? Can I find easy maintainable free/opensource IDS than Snort?
Snort is an extremely well designed, full-featured IDS package. It's pretty easy to set up and get the basics running, plus it could be done on the hardware you have available, assuming you don't use massive amounts of bandwidth. I wouldn't bother to look any further if you're just starting out with an IDS. Snort should do everything you need to have done and it's widely supported with tech support available all over (including on this list).
3. What IDS literature should I read?
Well, if you're going to be using Snort, then I'd highly recommend the user manual[1] as a good place to start. ;) There are also a variety of different FAQs, Reviews, and information on IDS in general out there. Some good beginning (but thorough) reading can be found at SANS[2]. WindowsSecurity.com also has a nice writeup[3]. Beyond those, pop over to Google and do some hunting. Searching for things like "IDS FAQ" or "what is IDS" will reveal hours of worthwhile reading. =)
[1] - http://www.snort.org/docs/writing_rules/chap1.html
[2] - http://www.sans.org/resources/idfaq/
[3] - http://www.windowsecurity.com/faqs/Intrusion_Detection/
--
Peace. ~G
On Fri, 24 Dec 2004 16:07:30 +0100, Andrey Todorov <andreyt () gawab com> wrote:
Hi People,
I tried several times to subscribe myself to "Security Basics" mailing list to ask my questions, but didn't succeed. Excuse me if my questions aren't adequate to "Focus IDS" mailing list!
I'll be very grateful if you share your opinion with me for the following situation.
I have a small network (5 PCs) behind one Linux box (iptables firewall, Pentium I 166Mhz, 32MB RAM, 4GB HDD) and want to increase security for this network.
1. Do I need IDS?
2. What do you think about Snort? Can I find easy maintainable free/opensource IDS than Snort?
3. What IDS literature should I read?
Thank you in advance!
Andrey
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- newbie quetsions Andrey Todorov (Dec 27)
- Re: newbie quetsions GuidoZ (Dec 27)
- Re: newbie quetsions ken_i_m (Dec 30)
- Re: newbie quetsions Fabien Degouet (Dec 30)
- RE: newbie quetsions Randy Golly (Dec 30)
- RE: newbie quetsions zekker (Dec 30)
- <Possible follow-ups>
- RE: newbie quetsions Harper, Patrick (Dec 30)
- Re: newbie quetsions Dave Aitel (Dec 30)