Security Basics mailing list archives

RE: IDS


From: "Gaddis, Jeremy L." <jlgaddis () ivytech edu>
Date: Thu, 21 Jul 2005 09:12:20 -0500

Hi Rene,

I also like ntop (http://www.ntop.org/).  If you run this on an
interface that's plugged into a spanned port (I'm guessing you can,
since you're already running Snort), you can see, at a glance, the
"bandwidth hogs" at any given time.  It helps for identifying PCs that
are sending large amounts of traffic when they shouldn't be.

-j

--
Jeremy L. Gaddis   <jlgaddis () ivytech edu>
Special Projects Manager
Computer & Technology Services
Ivy Tech State College, Bloomington
812.330.6156 (w)   812.797.6176 (m)


-----Original Message-----
From: Rene Bouchard [mailto:rbouchard () epalscorp com] 
Sent: Monday, July 18, 2005 10:58 AM
To: security-basics () securityfocus com
Subject: IDS

Hi there,

I've set up a server with network-based IDS (SNORT), Nagios monitoring,
log centralisation and MRTG for all my network. Can you think of anything
else I should add to make it a centralized sysadmin tool? Any other
sniffer or IDS software I should add?

thanks a lot for your help,

Rene Bouchard

