Network Security Focus-IDS

Re: Ossim

Subject: Re: Ossim
Date: Wed, 21 Sep 2005 13:49:26 -0500
Hello Syn Ack,

I've deployed OSSIM in four datacenters now. I think OSSIM is a good IPS support tool, but I wouldn't deploy it as my primary IDS unless I had a zero dollar budget for the project. OSSIM can be customized, configured and tweaked to provide reliable and sustainable network protection, but it requires a lot of configuration, and then a lot of tuning and constant updating.

The Cisco ACL creation and PIX firewall rule insertion features are what I spent the most time on. The basic functionality for attack blocking is already there, but you'll want to make sure that a DDoS attack (or other spoofed attack) does not cause you to ACL / firewall your network against the entire internet.

OSSIM is a good, solid security tool. My only caution to you would be: Make sure you have plenty of coffee in the break room, and be prepared to spend several late nights tweaking and tuning.

OSSIM and AAnval seem to be the best "free" NETSEC tools right now.

If you have slightly more than $0.00 to spend on your IPS project, you may want to consider Sentarus by Demarc (www.demarc.com). The Sentarus appliance and host agents are heavyweight contenders with Tipping Point and ISS. They do, however, actually want customers to pay for the software.  :)

I may still have some OSSIM configs laying around that could help you with the Catalyst ACL's and PIX firewall rules. Let me know if you want them, and I'll start looking.

Good Luck with OSSIM !

./c0redump
Craig Rodenberg, GIAC Director, INFOSEC Connectria Internet Services
www.connectria.com

On 9/20/05, Syn Ack <thin.hack@gmail.com> wrote:
> Hello list members,
> I'm working on implementing IDSes in the company I work for. Did some
> of you have experience with Ossim (http://www.ossim.net)?
> Any comments are welcome.
> Regards,
>
> Dominique
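The caution in the reply above, that a DDoS or other spoofed attack must not drive automated ACL / firewall insertion into blocking the entire internet, can be enforced as a decision step in front of the rule push. The following is an added example, not part of the original message and not OSSIM code; the class, function names, protected network and thresholds are assumptions for illustration.

```python
# Added example: guard in front of automated ACL / firewall rule insertion.
# Not OSSIM code; names, networks and thresholds are illustrative assumptions.
import ipaddress
from collections import deque


class BlockGuard:
    """Decides whether an alert's source address may be auto-blocked."""

    def __init__(self, protected, max_new_blocks, window_s, ttl_s):
        self.protected = [ipaddress.ip_network(n) for n in protected]
        self.max_new_blocks = max_new_blocks  # cap on new blocks per window
        self.window_s = window_s
        self.ttl_s = ttl_s                    # every block expires
        self.recent = deque()                 # timestamps of recent new blocks
        self.active = {}                      # blocked address -> expiry time

    def decide(self, src, now):
        ip = ipaddress.ip_address(src)
        # Expire old blocks so a past spoofed burst does not stay in the ACL.
        self.active = {a: t for a, t in self.active.items() if t > now}
        while self.recent and self.recent[0] <= now - self.window_s:
            self.recent.popleft()
        if any(ip in net for net in self.protected):
            return "alert-only: protected address"
        if ip in self.active:
            return "already blocked"
        # Many distinct sources in a short window suggests spoofing:
        # stop adding entries and leave the decision to an analyst.
        if len(self.recent) >= self.max_new_blocks:
            return "alert-only: block rate cap reached"
        self.recent.append(now)
        self.active[ip] = now + self.ttl_s
        return "block"


def replay(guard, alerts):
    """Run (timestamp, source) alerts through the guard; return decisions."""
    return [guard.decide(src, ts) for ts, src in alerts]


# Constructed sample alerts (documentation address ranges, not real data).
SAMPLE = [(0, "198.51.100.7"), (1, "198.51.100.7"), (2, "192.0.2.53"),
          (3, "203.0.113.1"), (4, "203.0.113.2"), (5, "203.0.113.3"),
          (700, "203.0.113.3")]

if __name__ == "__main__":
    g = BlockGuard(["192.0.2.0/24"], max_new_blocks=3, window_s=60, ttl_s=600)
    for alert, verdict in zip(SAMPLE, replay(g, SAMPLE)):
        print(alert, "->", verdict)
```

Only a "block" verdict would be translated into a router ACL entry or firewall rule; the other verdicts stay as alerts for an analyst.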
