Snort mailing list archives
Re: New to Snort and IDS in general
From: Justin Heath <justin.heath () gmail com>
Date: Mon, 24 Oct 2005 20:48:44 -0500
I'm not sure what your budget is, however, you may want to consider a commercial IPS solution. I say this for a couple of reasons. First of all, it sounds like you already have your hands full as it is. Without time to dedicate to analysis or investigation, an IDS is fairly useless. This is true of commercial or non-commercial products. An IPS, on the other hand, can minimize the steps of post-analysis and investigation. Plus you will know (in most cases) that the attack was blocked.

Without much time to dedicate to learning, building, tuning and maintaining it, a homegrown IPS could cause some problems (not to say that commercial systems are infallible). There are a few commercial offerings in the IPS market that do a good job, are easy to maintain and operate fairly "hands off". Don't get me wrong, I believe strongly in in-depth analysis, but it doesn't sound like you have the time or resources for that. Commercial solutions can get expensive, but most companies do offer leasing programs etc.

If you feel you have the time and resources to dedicate to learning Snort and IDS, that's great and you have come to the right place. The best way to learn is by doing, so read the docs, maybe some setup guides, and get started. However, you may want to start on a small segment of your network first, so you don't get overwhelmed with the data.

Thanks,
Justin Heath

On 10/20/05, Timothy A. Holmes <tholmes () mcaschool net> wrote:
Good Afternoon:

As our network has continued to evolve and grow, I have become increasingly concerned about the threat of attack on our system. This has led me to begin planning a SNORT implementation. I am, however, very very new to the IDS field. I am the only IT person for our school, and fulfill ALL IT roles in the building.

I am currently reading up on IDS in general and SNORT in specific. I would very much like to talk (via e-mail or IM) with someone who can answer some questions for me concerning best practices, common sense plans etc. I think I am beginning to get a handle on what I need to do, but I want to find the best way to do it.

I will follow the will of the list as to keeping this on the list or taking it private, so please let me know. Anyone who can help me is welcome to contact me at the addresses below:

E-Mail – tholmes () mcaschool net
YAHOO IM – w8tah
AOL IM – w8tahham
MSN IM – w8tah () hotmail com
ICQ – 223635031

Thanks,
Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
Medina Christian Academy
A Higher Standard...
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14