Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Snort as IDS

from [Jon Uriona] Network Security [Permanent Link]
Subject: Snort as IDS
Date: Fri, 11 Jan 2008 11:33:50 +0100 
Hi all,

I need to know if I need to apply web detection rules
(attacks, cgi, client, misc, php...) and preprocesor (http_inspect) to
devices acting as web proxies. I am getting thousand of alerts due to
those rules from my proxy clients and their external requests which I
believe all of them are false. Am I right?

And for web servers different than apache and IIS, do I have to apply
http_inspect with any profile?

I am trying to set up my http_inspect preprocessor.
If I have a Squid proxy listening on ports 80 and 8080, do I need to
configure a preprocessor http_inspect_server for it? And should I use
apache profile?

If I am using any other web server (neither IIS nor Apache), do I need
to configure a preprocessor http_inspect_server for it? If so, which
profile?

And same question about application servers, like AOL for example. Do I
need to configure http_inspect_server for it? Which profile?

Thanx in advance,

Jon

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: signature based IDS/IPS effectiveness, Paul Schmehl
Next by Date:  Re: VM of IPS/IDS solution, dsmk77
Previous by Thread:  VM of IPS/IDS solution, Andy . Kitzke
Next by Thread:  Re: Snort as IDS, Sanjay R
Indexes:  [Date] [Thread] [Top] [All Lists]