Security Basics mailing list archives

Re: IPS


From: Adriel Desautels <adriel () netragard com>
Date: Tue, 14 Oct 2008 11:39:11 -0400

Mattee,
        You're on the right track with snort+ossec+prelude. You can enable IPS
capabilities by installing snortsam into your firewall. I've done some
testing with that type of configuration and honestly, when it's tuned
well it works better than much of the commercial bloat-ware. Have you
configured OSSEC to only allow certain key processes to run?

        

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.

Gleb Paharenko wrote:
Hi!

Many security platforms have the ability to filter HTTP traffic. They can
block ActiveX, access to black-listed sites, check files for
antiviruses. All big vendors provide this functionality. Cisco,
Check Point, Blue Coat... 100% sure it is possible to combine open
source tools, self-written scripts and achieve similar capabilities
from Squid.

2008/10/2 Mattias Hemmmingsson <mattias () fareoffice com>:
Hi!

I want to protect my users from surfing to sites that have programs
that install on their web browsers.
I have today one web proxy that controls which sites they can watch
(Squid proxy).
But is there any server, like an IPS, that you can attach for all
outgoing traffic? Can Squid go through and block scripts that run on
the other server?

All workstations use Ubuntu and I have Snort for NIDS and OSSEC for
HIDS and Prelude for IDS,
so the weak link is my users that are using the internet.

// matte




