Security Basics mailing list archives
RE: IDS
From: "Gaddis, Jeremy L." <jlgaddis () ivytech edu>
Date: Thu, 21 Jul 2005 09:12:20 -0500
Hi Rene,

I also like ntop (http://www.ntop.org/). If you run this on an interface that's plugged into a spanned port (I'm guessing you can, since you're already running Snort), you can see, at a glance, the "bandwidth hogs" at any given time. It helps for identifying PCs that are sending large amounts of traffic when they shouldn't be.

-j

--
Jeremy L. Gaddis <jlgaddis () ivytech edu>
Special Projects Manager
Computer & Technology Services
Ivy Tech State College, Bloomington
812.330.6156 (w)
812.797.6176 (m)

-----Original Message-----
From: Rene Bouchard [mailto:rbouchard () epalscorp com]
Sent: Monday, July 18, 2005 10:58 AM
To: security-basics () securityfocus com
Subject: IDS

Hi there,

I've set up a server with network-based IDS (SNORT), Nagios monitoring, log centralisation and MRTG for all my network. Can you think of anything else I should add to make it a centralized sysadmin tool? Any other sniffer or IDS software I should add?

Thanks a lot for your help,
Rene Bouchard