Re: Arguments for Snort

[Paul Schmehl <pauls () utdallas edu>]

On Tue, 2003-02-11 at 08:48, Shane Williams wrote:
> As twig les pointed out, the fact that you can see, change, remove and
> add rules is a great advantage.  The fact that there's a community of
> developers who come out with new rules within days of new threats is a
> bonus.

I cannot emphasize this enough!  We just dumped a commercial IDS because
we couldn't muck with the rules.  No matter what changes we made, they
weren't saved.  The ability to edit rules and create your own is
absolutely essential to getting *useful* input from your IDS.

Everybody *thinks* they know what's "bad" for your network, but the
truth is, only *you* can determine that.  And if you can't customize the
rules, your IDS is worthless.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users