IDS mailing list archives
Re: newbie quetsions
From: ken_i_m () elegantinnovations net
Date: Mon, 27 Dec 2004 22:57:15 -0700
On Fri, Dec 24, 2004 at 04:07:30PM +0100, Andrey Todorov (andreyt () gawab com) wrote:
I tried several times to subscribe myself to "Security Basics" mailing list to ask my questions,
[...]
1. Do I need IDS? 2. What do you think about Snort? Can I find easy maintainable free/opensource IDS then Snort? 3. What IDS literature should I read?
Your questions indicate that you need to try harder at getting on the "Security Basics" mailing list. :-) Security is a tradeoff. -- Bruce Schneier Have you done all the basics first? They are basics because they are the kinds of things that give the most bang for the buck. You mention a firewall box, good. Has it been hardened? Do you have a good back up plan? Do you have a good restoration from back up plan? Are the systems fully patched? You need to ask and answer yourself these and other such system administration type questions. Then if you are still concerned you need to do a risk assessment. Who are you defending against? Script kiddies? Well financed criminals? The NSA? Is assuring availability of the systems worth the large additional effort of running an IDS for the marginal net gain? You may find that your energy is better spent on file integrity and back up. Every situation is different and you need to understand the basics so that you can evaluate these for yourself. Or hire a consultant that you trust to ask and answer these questions for you. -- I reason and act, therefore, ken_i_m Chief Gadgeteer, Elegant Innovations Founder, Bozeman Linux Users Group (406) 581-0495 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- newbie quetsions Andrey Todorov (Dec 27)
- Re: newbie quetsions GuidoZ (Dec 27)
- Re: newbie quetsions ken_i_m (Dec 30)
- Re: newbie quetsions Fabien Degouet (Dec 30)
- RE: newbie quetsions Randy Golly (Dec 30)
- RE: newbie quetsions zekker (Dec 30)
- <Possible follow-ups>
- RE: newbie quetsions Harper, Patrick (Dec 30)
- Re: newbie quetsions Dave Aitel (Dec 30)