[svlug] Looking for a NIDS...

Karsten M. Self kmself at ix.netcom.com
Mon Sep 3 19:49:01 PDT 2001


on Mon, Sep 03, 2001 at 06:18:18PM -0700, Ron (theotiwii at earthlink.net) wrote:
> I've been looking for an (Open Source) Network Intrusion Detection
> System. My search has led me to Snort (http://snort.sourcefile.com).
> Before I wade through the installation process I thought I would ask the
> list for advice, specifically:
> 
> - Is a NIDS worth the trouble?

Yes.

> - Can anyone recommend a better package?

Snort's a good start.  There are other tools; most have different
focuses.

> - For those who use one, is your preference in front, behind or on both
> sides of your firewall?

Yes.

Behind your firewall should be really boring.  It's the times it isn't
that you're concerned.

In front of (or on, listening out) the firewall will keep you
apprised of what's going on there.  Note that the concern isn't
attacks, it's successful attacks.  The nice thing about snort is,
properly configured, it summarizes attacks by type and source, making
what's otherwise a rather verbose output far more manageable.

Cheer.

-- 
Karsten M. Self <kmself at ix.netcom.com>          http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             There is no K5 cabal
  http://gestalt-system.sourceforge.net/               http://www.kuro5hin.org
   Free Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
Geek for Hire                        http://kmself.home.netcom.com/resume.html