On 10/03/06 07:49 +1100, Naveen Sharma wrote: > Hi All, > > What exactly is IDS tuning ? Please provide steps to tune Snort. >
Homework assignment for a network administrator? Google is your friend, but anyway: IDS tuning is configuring the IDS to perform ideally in your environment, with few false positives in the alerts generated. Tuning Snort (or any other IDS): You have two options - 1.a) Learn all about networking, the applications you run, and the state of your network. 1.b) Learn to find bottlenecks in hardware. 1.c) Learn to write Snort signatures. 1.d) Tune Snort. 2.a) Define tuned parameters expected. 2.b) Hire expensive consultant to tune Snort 2.c) Pay consultant. 2.d) Keep consultant around to understand Snort output. Nothing replaces the human brain and the ability to RTFM. Devdas Bhagat ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
