Security Basics mailing list archives
Re: IPS
From: Adriel Desautels <adriel () netragard com>
Date: Tue, 14 Oct 2008 11:39:11 -0400
Mattee, You're on the right track with snort+ossec+prelude. You can enable IPS capabilities by installing snortsam into your firewall. I've done some testing with that type of configuration and honestly, when its tuned well it works better than much of the commercial bloat-ware. Have you configured OSSEC to only allow certain key processes to run? Regards, Adriel T. Desautels Chief Technology Officer Netragard, LLC. Office : 617-934-0269 Mobile : 617-633-3821 http://www.linkedin.com/pub/1/118/a45 Join the Netragard, LLC. Linked In Group: http://www.linkedin.com/e/gis/48683/0B98E1705142 ------------------------------------------------ Netragard, LLC - "The Specialist in Anti-Hacking" Netragard Whitepaper Downloads: ------------------------------- Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you must know : http://tinyurl.com/26pjsn Gleb Paharenko wrote:
Hi! Many security platforms have ability to filter HTTP traffic. They can block ActiveX, access to black-listed sites, check files for antiviruses. All big vendors provide this functionality. Cisco, checkpoint, bluecoat... 100% sure it is possible to combine open source tools, self-written scripts and achieve a similar capabilities from squid. 2008/10/2 Mattias Hemmmingsson <mattias () fareoffice com>: Hi ! A want to protect my users from surfing in to sites that have programs that installs on there webbbrowsers. A have today one webbproxy that controlls witch sites there can watch (squids proxy) Bur is there any server lika one IPS that you can attace for all outgoing traffic. can squid go trow and block scripts thar runns on the other server ? All workstations uses ubuntu and a have snort for nids and ossec for HIDS and prelude for IDS, So the week link is my users that are using the internet. // matte
Current thread:
- risk assessment - non electronic data s0h0us (Oct 01)
- Re: risk assessment - non electronic data Alexander Swensen (Oct 01)
- IPS Mattias Hemmmingsson (Oct 02)
- Re: risk assessment - non electronic data Marc-André Laverdière (Oct 02)
- <Possible follow-ups>
- Re: risk assessment - non electronic data martlaberge (Oct 01)