RE: Tuning a snort IDS

["McCammon, Keith" <Keith.McCammon () eadvancemed com>]

Well...

If you're looking for specifics, there's not much to be said without requiring you to post a very detailed network 
schematic to the Internet for comments.  Tuning an IDS is obviously *very* instance-specific.  And unfortunately there 
are far too many considerations to list in this type of forum.

In my opinion, the best thing that you can do is get your hands on some good books about IP (and related protocols), 
Ethernet, and intrusion detection.  TCP/IP Illustrated (Vol. 1) by Richard Stevens is a great (big) handbook to have 
around.  And Network Intrusion Detection by Northcutt/Novak is one of the better texts on the subject.  If you have a 
good grasp on network protocols and practical IDS operation, you'll have no problem understanding how you need to tune 
and test your system.  

Cheers

Keith  

> -----Original Message-----
> From: Ashley Thomas [mailto:athomas () cc gatech edu]
> Sent: Friday, July 26, 2002 9:11 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Tuning a snort IDS
>
>
> hi all,
>
> Do you know if there is any document on tuning a snort IDS or 
> in general
> for any IDS ? Please let me know.
>
> thanks
> ashley


-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users