Network Security Focus-IDS

Re: newbie questions

Subject: Re: newbie questions
Date: Mon, 27 Dec 2004 22:57:15 -0700
On Fri, Dec 24, 2004 at 04:07:30PM +0100, Andrey Todorov (andreyt@gawab.com) wrote:
> I tried several times to subscribe myself to "Security Basics" mailing
> list to ask my questions,
> [...]
>    1. Do I need IDS?
>    2. What do you think about Snort? Can I find easy maintainable
>       free/opensource IDS than Snort?
>    3. What IDS literature should I read?

Your questions indicate that you need to try harder at getting on the
"Security Basics" mailing list.  :-)

Security is a tradeoff.  -- Bruce Schneier

Have you done all the basics first?  They are basics because they are
the kinds of things that give the most bang for the buck.  You mention a
firewall box, good.  Has it been hardened?  Do you have a good back up
plan?  Do you have a good restoration from back up plan?  Are the
systems fully patched?  You need to ask and answer yourself these and
other such system administration type questions.

Then if you are still concerned you need to do a risk assessment.  Who
are you defending against?  Script kiddies?  Well financed criminals?
The NSA?  Is assuring availability of the systems worth the large
additional effort of running an IDS for the marginal net gain?  You may
find that your energy is better spent on file integrity and back up.
Every situation is different and you need to understand the basics so
that you can evaluate these for yourself.  Or hire a consultant that you
trust to ask and answer these questions for you.
-- 
I reason and act, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495
