Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS / IPS Bake time

From: Peter Bates <peter.bates () ucl ac uk>
Date: Thu, 13 Sep 2012 16:03:13 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 13/09/2012 14:49, Turnbough, Bradley E. wrote:

Is it common practice to implement Snort as an IDS first and let it
bake for a while before it gets 'upgraded' to an IPS?


That would make some sort of sense if you're acquainting yourself with
Snort and/or the idea of an IDS/IPS and looking to baseline the activity.

At the end of the day I would say the choice between IDS/IPS is all
about the architecture of your network - in some cases where the
slightest FP or outage is damaging to your business then you're not
going to run an IPS.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQUfWxAAoJELhVoVpEMS6R9EIH/jXSrirBs2h8Lf4UMFhNC3XN
KXiPxRyttBRc+CdUwoQmEXw6fLVzUeyQJH+ycpwYmSfL/2Mk5MAggYgn3RCSau0b
ZssQZl6qUDAzNA17rtwO5+So6PTlyisizy1qq2kgF1ew9iw8xn5lkGmmWbCAMerw
qxCb+b3quh4hBOSzTBXCAWDLrDxbfe1xCnSU8yLE79SSy1xuGsVlZb49JZy5KJLU
9n5x37HkJX1KxkRaMCQq4Paasc5UgvUu8+70jXBcv9Hq1XtVWfMkPRSpm7jMcRWv
YxdDjwBFLWwsia1wNhRJ6E5i/qhCxlNUGznUzmX7eiCtkN8Zud/HZCAzRlmD/yg=
=1sD2
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: