Firewall Wizards mailing list archives
Re: In search of the right tool(s)
From: Technical Incursion Countermeasures <lists () ticm com>
Date: Thu, 27 Jan 2000 07:49:13
Hi Marc,

Two things you can do..

1. Install an IDS on the inside of your networks, all reporting back to a central station (through secure channels of course). A good place to start is at the host level. Tripwire, COPS, Realsecure, et al...

2. Install honeypots on the inside near well-used servers. This might give you a chance to catch them before they make a mess of your main resources.. goes for outside hackers too...

Of course the best bit about honeypots is the trails of incriminating evidence they can create for you.

Cheers,
Bret

At 07:40 23/01/00 -0500, you wrote:
Hello -

I am looking for tools that I can set up to monitor network traffic, ideally passively, which will try to detect and alert me to attacks or suspicious activity _originating_ within my networks. I already have several tools set up that detect activity targeting my networks, and now want to make certain that nobody launches anything from within the address space that I am responsible for.

For reference, I am working with several /18, /19, and various smaller network blocks, oftentimes multi-homed through several geographically diverse methods.

Suggestions and references would be greatly appreciated.

Thanks in advance - Marc

Technical Incursion Countermeasures
consulting () TICM COM
http://www.ticm.com/
voice mail/fax: (+65)98421426 (UTC+8 hrs)
The Insider - a e'zine on Computer security
http://www.ticm.com/info/insider/index.html