IDS mailing list archives

RE: New to Snort !!!


From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Tue, 31 May 2005 07:57:42 -0500

Venkatesh,

You'll find that Snort boasts the same capabilities if not more than the
more expensive commercial IDS solutions out there. With an equally
attractive price point (free), it offers some awesome features over its
commercial counterparts.

Just a few features we use when presenting our Snort management solution to
customers:

1) Stateful pattern inspection engine;
2) Underwent an external third party professional security audit;
3) Real-time TCP session sniping for passive intrusion prevention using
Flexresp preprocessor;
4) HTTP, Telnet, and other upper-layer protocol decoding engine;
5) Portscan detection engine;
6) Thresholding and suppression on individual signatures per IP;
7) Recently Snort-Inline merged into Snort, giving it inline (IPS)
capabilities;
8) Text-based rule syntax allowing user to view and easily create his/her
own signatures.
 
Much, much more.. I know I'm missing some things. Perhaps others can add to
this.


Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 e:327
Fax: (877) 262-7593
Mob: (847) 456-6785
Web: http://www.appliedwatch.com
----------------------------------------------------------------------------
Enterprise Snort Management at http://www.appliedwatch.com.
Security Information Management for the Open Source Enterprise.
----------------------------------------------------------------------------
-----Original Message-----
From: Venkatesh G S [mailto:venkatesh.gs () gmail com] 
Sent: Tuesday, May 24, 2005 10:45 PM
To: Security Focus IDS Forum
Subject: New to Snort !!!

Hi all,

      I am a new member of this group & I am sure I will get your valuable
suggestions for my problem.
     I work for an organization where we have almost all the latest devices
in place, which includes L3 switches, VOIP, high-end servers, etc. We have
around 1500 desktops & this is a production environment.

My problem

i) My network manager wants me to suggest an IDS, and I googled yesterday and
recommended Snort to him.
ii) I am quite new to IDS and I haven't done even a single installation of
Snort till now.

Can anyone let me know the features of Snort, and where this sensor should be
placed in the network? Please don't think that I am not doing my homework. I
have already started to collect information from Snort.org but I find it a
little too difficult to understand the concept.

I need help with how to install Snort. Finally, is there any Windows edition
of Snort available?

Regards

Venkatesh


--
The impossible is often untried.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------


