Snort mailing list archives

Re: New to Snort and IDS in general


From: Justin Heath <justin.heath () gmail com>
Date: Mon, 24 Oct 2005 20:48:44 -0500

I'm not sure what your budget is, however, you may want to consider a
commercial IPS solution. I say this for a couple of reasons. First of all,
it sounds like you already have your hands full as it is. Without time to
dedicate to analysis or investigation an IDS is fairly useless. This is true
of commercial or non-commercial products. An IPS on the other hand can
minimize the steps of post-analysis and investigation. Plus you will know
(in most cases) that the attack was blocked. Without much time to dedicate
to learning, building, tuning and maintaining a homegrown IPS could cause
some problems (not to say that commercial systems are infallible). There are
a few commercial offerings in the IPS market that do a good job, are easy to
maintain and operate fairly "hands off". Don't get me wrong, I believe
strongly in in-depth analysis, but it doesn't sound like you have the time
or resources for that. Commercial solutions can get expensive but most
companies do offer leasing programs etc.
 If you feel you have the time and resources to dedicate to learning Snort
and IDS that's great and you have come to the right place. The best way to
learn is by doing, so read the docs, maybe some setup guides and get
started. However, you may want to start on a small segment of your network
first, so you don't get overwhelmed with the data.
 Thanks,
Justin Heath

 On 10/20/05, Timothy A. Holmes <tholmes () mcaschool net> wrote:

 Good Afternoon:

 As our network has continued to evolve and grow, I have become
increasingly concerned about the threat of attack on our system. This has
led me to begin planning a SNORT implementation. I am, however, very, very new
to the IDS field. I am the only IT person for our school, and fulfill ALL IT
roles in the building. I am currently reading up on IDS in general and SNORT
in specific. I would very much like to talk (via e-mail or IM) with someone
who can answer some questions for me concerning best practices, common sense
plans etc. I think I am beginning to get a handle on what I need to do, but
I want to find the best way to do it.

 I will follow the will of the list as to keeping this on the list or
taking it private, so please let me know.

 Anyone who can help me is welcome to contact me at the addresses below

 E-Mail – tholmes () mcaschool net

YAHOO IM – w8tah

AOL IM – w8tahham

MSN IM – w8tah () hotmail com

ICQ – 223635031

 Thanks

 Timothy A. Holmes

*IT Manager / Network Admin / Web Master / Computer Teacher*

 *Medina Christian Academy*

*A Higher Standard...*

 Jeremiah 33:3

Jeremiah 29:11

Esther 4:14


