[svlug] Looking for a NIDS...
gherlein at herlein.com
Mon Sep 3 20:23:02 PDT 2001
> Snort's a good start. There are other tools, most have different
Snort is excellent IMHO.
> Behind your firewall should be really boring. It's the times it isn't
> that you're concerned.
There are many who would say that what is going on inside is far
more interesting... many, if not most, hacks come from the
But, before you even think about a NIDS you should do a complete
threat analysis and devise a security posture. Only then can you
deploy a NIDS effectively. Otherwise it's just data acquisition.
More information about the svlug