IDS mailing list archives
Re: Need help/info
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Tue, 26 May 2009 07:12:21 -0400
These are definitely great books. I recommend every shop I'm in keep copies on the shelves as references and for Jr. Analysts or those that don't come from a Network Security Monitoring background. Nowhere else that I'm aware of really spells out what NSM is and how to do it right like Bejtlich's Tao.

Steve Mullins

On Mon, May 25, 2009 at 2:27 PM, Richard Bejtlich <taosecurity () gmail com> wrote:
> On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 () gmail com> wrote:
>> I work for a small company with a hub/spoke network. I've been tasked with setting up an IDS (Snort) to begin monitoring security related events and basically build out a security program/infrastructure. Do any of you have any good sites/forums that go into the process of intrusion detection? I can get the alerts from snort but there are so many that it's hard to make heads or tails. I'm looking for ideas on what to look for and what to pay specific attention to. Also any good websites that alert/explain new vulnerabilities would be great. Any help would be appreciated.
>
> Hello,
>
> If you're looking for a good book or two, my Tao and Extrusion books will help:
> http://www.taosecurity.com/books.html
>
> If you're looking for blogging on the subject, try my blog:
> http://taosecurity.blogspot.com
>
> I also wrote a series for TechTarget called Snort Report:
> http://searchsecuritychannel.techtarget.com/tips/index/0,289482,sid97_tax307691,00.html
>
> If you're looking for a good Wiki, try:
> http://nsmwiki.org
>
> If you're looking for the best suite for network security monitoring, try:
> http://www.sguil.net
>
> Good luck!
>
> Richard