
Re: [Snort-users] New to Snort and IDS in general

Subject: Re: [Snort-users] New to Snort and IDS in general
Date: Mon, 24 Oct 2005 20:48:44 -0500
I'm not sure what your budget is, however, you may want to consider a
commercial IPS solution. I say this for a couple of reasons. First of all,
it sounds like you already have your hands full as it is. Without time to
dedicate to analysis or investigation an IDS is fairly useless. This is true
of commercial or non-commercial products. An IPS on the other hand can
minimize the steps of post-analysis and investigation. Plus you will know
(in most cases) that the attack was blocked. Without much time to dedicate
to learning, building, tuning and maintaining a homegrown IPS could cause
some problems (not to say that commercial systems are infallible). There are
a few commercial offerings in the IPS market that do a good job, are easy to
maintain and operate fairly "hands off". Don't get me wrong, I believe
strongly in in-depth analysis, but it doesn't sound like you have the time
or resources for that. Commercial solutions can get expensive but most
companies do offer leasing programs etc.
 If you feel you have the time and resources to dedicate to learning Snort
and IDS that's great and you have come to the right place. The best way to
learn is by doing, so read the docs, maybe some setup guides and get
started. However, you may want to start on a small segment of your network
first, so you don't get overwhelmed with the data.
 Thanks,
Justin Heath

 On 10/20/05, Timothy A. Holmes <tholmes@mcaschool.net> wrote:

 Good Afternoon:

 As our network has continued to evolve and grow, I have become
increasingly concerned about the threat of attack on our system. This has
led me to begin planning a SNORT implementation. I am, however, very, very new
to the IDS field. I am the only IT person for our school, and fulfill ALL IT
roles in the building. I am currently reading up on IDS in general and SNORT
in specific. I would very much like to talk (via e-mail or IM) with someone
who can answer some questions for me concerning best practices, common sense
plans etc. I think I am beginning to get a handle on what I need to do, but
I want to find the best way to do it.

 I will follow the will of the list as to keeping this on the list or
taking it private, so please let me know.

 Anyone who can help me is welcome to contact me at the addresses below

 E-Mail – tholmes@mcaschool.net

YAHOO IM – w8tah

AOL IM – w8tahham

MSN IM – w8tah@hotmail.com

ICQ – 223635031

 Thanks

 Timothy A. Holmes

*IT Manager / Network Admin / Web Master / Computer Teacher*

 *Medina Christian Academy*

*A Higher Standard...*

 Jeremiah 33:3

Jeremiah 29:11

Esther 4:14

