Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: New to Snort !!!

from [Eric Hines] Network Security [Permanent Link]
Subject: RE: New to Snort !!!
Date: Tue, 31 May 2005 07:57:42 -0500 
Venkatesh,

You'll find that Snort boasts the same capabilities if not more than the
more expensive commercial IDS solutions out there. With an equally
attractive price point (free), it offers some awesome features over its
commercial counterparts.

Just a few features we use when presenting our Snort management solution to
customers:

1) Stateful pattern inspection engine;
2) Underwent an external third party professional security audit;
3) Real-time TCP session sniping for passive intrusion prevention using
Flexresp preprocessor;
4) HTTP, Telnet, and other upper-layer protocol decoding engine;
5) Portscan detection engine;
6) Thresholding and suppression on individual signatures per IP;
7) Recently Snort-Inline merged in to Snort, giving it inline (IPS)
capabilities
8) Text-based rule syntax allowing user to view and easily create his/her
own signatures
 
Much, much more.. I know I'm missing some things. Perhaps others can add to
this.


Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 e:327
Fax: (877) 262-7593
Mob: (847) 456-6785
Web: http://www.appliedwatch.com
----------------------------------------------------------------------------
- 
Enterprise Snort Management at http://www.appliedwatch.com.
Security Information Management for the Open Source Enterprise.
----------------------------------------------------------------------------
-
-----Original Message-----
From: Venkatesh G S [mailto:venkatesh.gs@gmail.com] 
Sent: Tuesday, May 24, 2005 10:45 PM
To: Security Focus IDS Forum
Subject: New to Snort !!!

Hi all,

      I am a new member to this group & i am sure i will get your valuable
suggestion for my problem.
     I work for an organization where we have almost all the latest devices
in place, which includes L3 Switches, VOIP,High end server & etc. We have
around 1500 desktops & this is a production environment.

My problem

i) My network manager wants me to suggest an IDS, and i googled yesterday i
recommened him - Snort.
ii) I am quite new to IDS and i haven't done even a single installation of
Snort till now.

Can anyone let me know the features of Snort, where this sensor should be
placed in the Network?. Plz dont think that i am not doing my homework.i
have already started to collect information from Snort.org but i find it a
little to difficult to undersatnd the concept.

I need help in how to install Snort?. Finally are there any windows edition
of Snort avaliable.

Regards

Venkatesh


--
The impossible is often untried.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Re: IDS\IPS that can handle one Gig, Per Engelbrecht
Next by Thread:  Re: New to Snort !!!, Justin . Ross
Indexes:  [Date] [Thread] [Top] [All Lists]