Speaking of CCDC, I'll be going as my team leader to the WRCCDC this weekend. Any tips? I'm really scared about the red team gaining access to L2 of my network. Was VLAN hopping and switch/router tampering a common thing? I'm guessing that the web app lended very generous to the red team?
On Thu, Mar 18, 2010 at 1:50 PM, Robert Miller <[email protected]> wrote: > I would recommend OSSEC all the way, a joint effort with your IDS, such as > snort, helps greatly. To reduce the false incidents I agree with Ron 100% > you need a means to compare events such as a file change and an event on the > network. > > OSSEC is a great start though, if you want something inexpensive you can > look at OSSIM (http://www.alienvault.com/community.php?section=Home) while > the recently release is better the over all documentation is not the > greatest and it does bundle into the OS things that may not be needed for > your implementation, plan some time for tweaking and testing. > > Keep us up to date as to what you guys choose and how it works out for you. > > - Robert > (arch3angel) > > > On 3/12/2010 3:02 PM, Kennith Asher wrote: > > Greetings gurus- > > The company I work for is being pressed to deploy file integrity monitoring > tools in our production environment. I've not worked with such tools in the > past and am interested in your experiences. > > I have concerns around noise levels, false positives, how to control file > integrity and still keep up with vendor updates (50 hour days anyone?). > > Anyone have any recommendations? > > Thanks, > > Ken > > > _______________________________________________ > Pauldotcom mailing list > [email protected]http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
