Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort as IDS/IPS in mission-critical enterprise network

From: "J.A. Terranson" <measl () mfn org>
Date: Fri, 9 Dec 2005 11:13:17 -0600 (CST)

On Fri, 9 Dec 2005, Native.Code wrote:


Is Snort enterprise ready where it can be deployed to monitor
mission-critical network?


Yes.  It is, and has been for some time.


If any of you can name any big network which is using Snort as an example,
it will be very helpful.


Because of NDA, I cannot *name* the network where I was a part of the team
installing and maintainting SNORT on a large network, but I can tell you
that this network is one of the top tier-1 NSPs.  I can tell you that
SNORT is the sole such product chosen for this purpose, and that it works
better than we could have possibly hoped for.  last I looked, SNORT was
being used on circuits as large as OC12s.

The problem isn't going to be your sensor (SNORT et al), but your back end
software - *that* part is a bitch!


-- 
Yours,

J.A. Terranson
sysadmin () mfn org
0xBD4A95BF


I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: