Re: Is snort an overkill for desktop only environment ?

[Kurt Buff <kurt.buff () gmail com>]

As others have suggested, it depends on how much you value your data -
but unmentioned by the others, you should consider the relationship of
the remote network to your larger environment.

Do you do any egress filtering at the firewall of the remote network,
specifically for traffic from the remote network to the larger
network? Or is the VPN connection between your offices wide open? Even
if you filter, I'll bet that you have open the usual Windows
networking ports of 135, 139, 445, etc. to all machines on your larger
network from the remote network, because that's the way it works.

So, if you have the resources to install, maintain and monitor it, I'd
say absolutely yes, you should install it, or whatever other security
tools you can.

Kurt

On Sat, Oct 24, 2009 at 11:53, martin <martiniscool () gmail com> wrote:
> anybody have any thoughts at all ?
>
>
> ---------- Forwarded message ----------
> From: martin <martiniscool () gmail com>
> Date: 2009/10/22
> Subject: Is snort an overkill for desktop only environment ?
> To: security-basics () securityfocus com
>
>
> Hi all
>
> I've been reading up on IDP recently, and particularly started looking
> at snort.  I'm considering suggesting to my boss that we install it at
> a small branch office I'm based at.  However, all that we have at the
> branch office are a few desktop PC's, a firewall, switch, and a
> printer.  Our DC, file server etc, is at head office and accessed
> using a VPN.
>
> Is it worth installing IDP in simplified environment such as this ?
> Or is it designed for more "complex" environments which have more
> resources such as file servers, web servers etc ??
>
> Also, currently we wouldn't have anything in the budget to pay for the
> $500 rule subscription for one sensor - so all the rules we would be
> getting would be 30 days old.  Is it worth having an IDP with rules
> that are this old ?  Are they still of any value ?  I'm thinking back
> to the conflicker threat last year - I know there was a Snort rule for
> it, but without the subscription, we wouldn't have gotten it for 30
> days.  So it would have been pretty much too late in that case.
>
> I know that we can write our own rules, but I don't think anybody
> would have time to do that.  So we'd be relying on what rules get
> downloaded
>
> Any feedback would be greatly appreciated
>
> thanks in advance
> M
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------