IDS mailing list archives
Re: newbie quetsions
From: "Fabien Degouet" <fdegouet () contrhackt com mx>
Date: Mon, 27 Dec 2004 23:52:25 -0600
Andrey,

My point of view is:

1- Yes you need an IDS, we always need an IDS as iptables just blocks ports or connections but does not check for attacks or inside traffic. If you have multiple segments you should have an IDS per segment. Here IDS stands for NIDS but HIDS or better IPS would be required for critical hosts (like servers).

2- Snort is a good one and you can update the rules through oinkmaster (inline). Another good one is Bro-IDS (opensource too). Snort is quite easy to maintain and update but you may need some time for customization of rules. Take a look at www.prelude-ids.org, this could give you some ideas on how to manage the whole thing (logs too).

3- For documentation, take a look at www.snort.org/docs and google.com is always a good friend. You can find some good books (dealing with snort or security) on amazon - for snort they come in the main page. The book of R. Bejtlich (The Tao of Network Security Monitoring) is also a good one!

Regards
fabien

----- Original Message -----
From: "Andrey Todorov" <andreyt () gawab com>
To: <focus-ids () securityfocus com>
Sent: Friday, December 24, 2004 9:07 AM
Subject: newbie quetsions
Hi People,

I tried several times to subscribe myself to "Security Basics" mailing list to ask my questions, but didn't succeed. Excuse me if my questions aren't adequate to "Focus IDS" mailing list!

I'll be very grateful if you share your opinion with me for the following situation. I have a small network (5 PCs) behind one Linux box (iptables firewall, Pentium I 166Mhz, 32MB RAM, 4GB HDD) and want to increase security for this network.

1. Do I need IDS?
2. What do you think about Snort? Can I find easy maintainable free/opensource IDS than Snort?
3. What IDS literature should I read?

Thank you in advance!
Andrey

--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- newbie quetsions Andrey Todorov (Dec 27)
- Re: newbie quetsions GuidoZ (Dec 27)
- Re: newbie quetsions ken_i_m (Dec 30)
- Re: newbie quetsions Fabien Degouet (Dec 30)
- RE: newbie quetsions Randy Golly (Dec 30)
- RE: newbie quetsions zekker (Dec 30)
- <Possible follow-ups>
- RE: newbie quetsions Harper, Patrick (Dec 30)
- Re: newbie quetsions Dave Aitel (Dec 30)