Might I recommend a book? "The TAO of Network Security Monitoring" by Richard Bejtlich has been a great book for me. He is a big user of Sguil (pronounced SQUEAL) and other tools using FreeBSD and open source tools. I did an interview with him a while back and then later read his book:
http://feeds.apertamedia.com/~r/SitesCollide/~5/1C9nKjkWUvI/scr006.mp3
The book is ISBN 0-321-24677-2
Hope that helps, enjoy!
Tyrel McMahan
[email protected]
+48.697.770.444 (Warsaw, PL)
gpg Public Key:
555E C4FB 43C1 EDB5 A71F 9619 EB02 3E62 DEEE 7418
On 2009-05-23, at 21:12, Stephen Mullins wrote:
All of the information you need is available on the web. Just google
your way through this. At the end of it all you should be pretty well
versed in Snort and associated tasks (sensor placement etc.).
Have fun with it. I'm a little envious that you get to do this
security build out from scratch. I have resorted to deploying Snort
on my home network to get that experience. If you aren't set on an
analysis front end yet I suggest Sguil, of which I am a big fan.
Steve Mullins
On Wed, May 20, 2009 at 6:25 PM, ubernewbie <[email protected]> wrote:
I work for a small company with a hub/spoke network. I've been tasked with setting up an IDS (Snort) to begin monitoring security related events and basically build out a security program/infrastructure. Do any of you have any good sites/forums that go into the process of intrusion detection? I can get the alerts from Snort but there are so many that it's hard to make heads or tails. I'm looking for ideas on what to look for and what to pay specific attention to. Also any good websites that alert/explain new vulnerabilities would be great. Any help would be appreciated.
--
View this message in context:
http://www.nabble.com/Need-help-info-tp23644667p23644667.html
Sent from the IDS (Intrusion Detection System) mailing list archive
at Nabble.com.