Network Security Focus-IDS

Re: newbie questions

Subject: Re: newbie questions
Date: Mon, 27 Dec 2004 23:52:25 -0600
Andrey,

My point of view is:
    1- Yes, you need an IDS; we always need an IDS, as iptables just blocks
ports or connections but does not check for attacks or inside traffic. If you
have multiple segments you should have an IDS per segment. Here IDS stands
for NIDS, but HIDS or, better, IPS would be required for critical hosts (like
servers).

    2- Snort is a good one and you can update the rules through oinkmaster
(inline). Another good one is Bro-IDS (open source too). Snort is quite easy to
maintain and update but you may need some time for customization of rules.
Take a look at www.prelude-ids.org; this could give you some ideas on how to
manage the whole thing (logs too).

    3- For documentation, take a look at www.snort.org/docs, and google.com
is always a good friend. You can find some good books (dealing with Snort or
security) on Amazon; for Snort they come on the main page. The book by R.
Bejtlich (The Tao of Network Security Monitoring) is also a good one!

Regards

fabien
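The distinction fabien draws in point 1, as an added example that is not part of the post: a small Python matcher for a subset of Snort rule syntax, run over constructed traffic, showing that a packet the port filter accepts can still trigger a signature alert and that LAN-originated traffic the firewall trusts is still inspected. The rules, addresses and payloads are constructed, and the firewall policy is a stand-in for a real iptables ruleset, not code from either tool.

```python
# Added example, not from the post: a matcher for a subset of Snort rule syntax
# over constructed traffic. All rules, addresses and payloads are constructed.
import ipaddress
import re

RULES = [  # constructed rules: action proto src sport -> dst dport (options)
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"Web traversal attempt"; content:"../"; sid:1000001; rev:1;)',
    'alert tcp 192.168.1.0/24 any -> any 25 (msg:"Inside host sending mail directly"; sid:1000002; rev:1;)',
]
RULE_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)$')

def parse_rule(text):
    """Parse the header and the msg/content/sid options of one rule line."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule syntax: " + text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    kv = dict(o.strip().split(":", 1) for o in opts.split(";") if o.strip())
    return {"action": action, "proto": proto, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "msg": kv.get("msg", "").strip('"'), "sid": int(kv["sid"]),
            "content": kv["content"].strip('"').encode() if "content" in kv else None}

def _hdr_ok(rule, pkt):
    """Header match: 'any' matches everything, addresses are CIDR, ports exact."""
    ok = rule["proto"] == pkt["proto"]
    for k in ("src", "dst"):
        ok = ok and (rule[k] == "any" or ipaddress.ip_address(pkt[k]) in ipaddress.ip_network(rule[k]))
    for k in ("sport", "dport"):
        ok = ok and (rule[k] == "any" or int(rule[k]) == pkt[k])
    return ok

def firewall_allows(pkt):
    """Constructed iptables-style policy: trust the LAN, accept only TCP/80 from outside."""
    if ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network("192.168.1.0/24"):
        return True
    return pkt["proto"] == "tcp" and pkt["dport"] == 80

def ids_alerts(pkt, rules):
    """(sid, msg) for every rule whose header and payload content both match."""
    return [(r["sid"], r["msg"]) for r in rules
            if _hdr_ok(r, pkt) and (r["content"] is None or r["content"] in pkt["payload"])]

def pkt(src, sport, dst, dport, payload):
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}

PACKETS = [  # constructed: normal request, traversal on the same open port, LAN host doing SMTP
    pkt("203.0.113.5", 40000, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    pkt("203.0.113.5", 40001, "192.168.1.10", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"),
    pkt("192.168.1.23", 51000, "198.51.100.9", 25, b"HELO pc23\r\n"),
]
```

All three packets pass the port filter, but only the IDS distinguishes the second from the first and reports the third.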
----- Original Message ----- 
From: "Andrey Todorov" <andreyt@gawab.com>
To: <focus-ids@securityfocus.com>
Sent: Friday, December 24, 2004 9:07 AM
Subject: newbie questions


Hi People,
I tried several times to subscribe myself to the "Security Basics" mailing
list to ask my questions, but didn't succeed. Excuse me if my questions
aren't adequate for the "Focus IDS" mailing list!

I'll be very grateful if you share your opinion with me on the
following situation. I have a small network (5 PCs) behind one Linux box
(iptables firewall, Pentium I 166MHz, 32MB RAM, 4GB HDD) and want to
increase security for this network.

    1. Do I need an IDS?
    2. What do you think about Snort? Can I find an easier-to-maintain
free/open source IDS than Snort?
    3. What IDS literature should I read?

Thank you in advance!

Andrey



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------