IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Need help/info

From: Tyrel McMahan <tyrel () tyrel pl>
Date: Mon, 25 May 2009 22:09:14 +0200
Might I recommend a book? "The TAO of Network Security Monitoring" by Richard Bejtlich has been a great book for me. He is a big user of squil (pronounced SQUEAL) and other tools using FreeBSD and open source tools. I did an interview with a him a while back and then later read his book: 

http://feeds.apertamedia.com/~r/SitesCollide/~5/1C9nKjkWUvI/scr006.mp3

THe book is ISBN 0-321-24677-2
Hope that helps, enjoy!

Tyrel McMahan
tyrel () tyrel pl
+48.697.770.444 (Warsaw, PL)

gpg Public Key:
555E C4FB 43C1 EDB5 A71F  9619 EB02 3E62 DEEE 7418






On 2009-05-23, at 21:12, Stephen Mullins wrote:


All of the information you need is available on the web.  Just google
your way through this.  At the end of it all you should be pretty well
versed in Snort and associated tasks (sensor placement etc.).

Have fun with it.  I'm a little envious that you get to do this
security build out from scratch.  I have resorted to deploying Snort
on my home network to get that experience.  If you aren't set on an
analysis front end yet I suggest Sguil, of which I am a big fan.

Steve Mullins
On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 () gmail com > wrote:
I work for a small company with a hub/spoke network. I've been tasked with setting up an IDS(Snort) to begin monitoring security related events and basically build out a security program/infrastructure. Do any of you have any good sites/forums that go into the process of intrusion detection. I can get the alerts from snort but there are so many that it it's hard to make heads or tails. I'm looking for ideas on what to look for and what to pay 
specific attention to.  Also any good websites that alert/explain new
vulnerabilities would be great. Any help would be appreciated.
--
View this message in context: http://www.nabble.com/Need-help-info-tp23644667p23644667.html
Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.
Previous By Date Next
Previous By Thread Next

Current thread: