Hi There,
As I often have greater respect for a much larger portion of this list
than the rest of the internet, I am curious what is thought about
current IDS/IPS hardware from vendors like Trustwave, Checkpoint,
Alert Logic, mod_security, even snort.. etc, and in particular, the
sensibility and e
On Thu, Feb 18, 2010 at 2:59 PM, bofh wrote:
> On Thu, Feb 18, 2010 at 11:48 AM, Laurens Vets wrote:
>
>>
>>
>>> Just don't get ISS crap.
>>>
>>> Also, snort is good, but you must know what you're doing. Our snort box,
>>> running on an old throw away box, and only capturing/analyzing 10 minut
On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin wrote:
> From a compliance perspective, I don't have much choice. From the
> costs, infrastructure, and administrative perspectives, I am currently
> evaluating whether or not I should be leaning towards an IDS or IPS
> solution, and of course which
Don't bypass Snort because PFSense package makes it so easy to install and
configure. A one-click install of Snort and the only thing left to do was
register and select what you want it to do.
Mehma
===
On Wed, Feb 17, 2010 at 8:28 PM, Johan Beisser wrote:
> On Wed, Feb 17, 2010 at 7:59 PM, J
On Wed, 17 Feb 2010 22:59 -0500, "Jason Beaudoin" wrote:
> Hi There,
>
> As I often have greater respect for a much larger portion of this list
> than the rest of the internet, I am curious what is thought about
> current IDS/IPS hardware from vendors like Trustwave, Checkpoint,
> Alert Logic, mo
On Wed, Feb 17, 2010 at 11:47 PM, mehma sarja wrote:
> Don't bypass Snort because PFSense package makes it so easy to install and
> configure. A one-click install of Snort and the only thing left to do was
> register and select what you want it to do.
>
> Mehma
Hi Mehma,
I'm hoping you can ex
On Wed, Feb 17, 2010 at 11:28 PM, Johan Beisser wrote:
> On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin wrote:
>> From a compliance perspective, I don't have much choice. From the
>> costs, infrastructure, and administrative perspectives, I am currently
>> evaluating whether or not I should b
Jason,
I was trying to communicate my very small and limited experience with Snort
on a PFSense appliance (FreeBSD + pf). The install and configuration is
easy. I cannot speak to on-going maintenance on a big network.
Mehma
===
On Thu, Feb 18, 2010 at 6:30 AM, Jason Beaudoin wrote:
> On Wed, F
On Thu, Feb 18, 2010 at 2:33 AM, Tomas Bodzar wrote:
> http://www.ranum.com/security/computer_security/editorials/dumb/index.html
>
> especially number 2 is targeted against IDS/IPS, antivirus and similar
> solutions. I found this link thanks to my colleague and it's really
> very descriptive.
G
Jason Beaudoin wrote:
On Wed, Feb 17, 2010 at 11:28 PM, Johan Beisser wrote:
On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin wrote:
From a compliance perspective, I don't have much choice. From the
costs, infrastructure, and administrative perspectives, I am currently
evaluating whether or no
On Thu, Feb 18, 2010 at 10:08 AM, Vijay Sankar wrote:
> bro-ids
Great suggestion! thank you :)
Allow me to speak from another perspective. It all depends on $$, and the
network you have and how much leverage the security team has.
Usually, the security team does not have as much leverage and needs to play
catch up.
Understand this - no matter which solution you choose,
IDS/IPS/opensource/
Just don't get ISS crap.
Also, snort is good, but you must know what you're doing. Our snort box,
running on an old throw away box, and only capturing/analyzing 10 minutes of
every hour, is giving us *MORE* useful data than half a mil worth of ISS
crap.
Care to elaborate? :)
Thanks!
On Thu, Feb 18, 2010 at 11:48 AM, Laurens Vets wrote:
>
>
>
> Just don't get ISS crap.
>>
>> Also, snort is good, but you must know what you're doing. Our snort box,
>> running on an old throw away box, and only capturing/analyzing 10 minutes of
>> every hour, is giving us *MORE* useful dat
On Thu, Feb 18, 2010 at 2:59 PM, bofh wrote:
> On Thu, Feb 18, 2010 at 11:48 AM, Laurens Vets wrote:
>
>>
>>
>>
>> Just don't get ISS crap.
>>>
>>> Also, snort is good, but you must know what you're doing. Our snort box,
>>> running on an old throw away box, and only capturing/analyzing 10 min
On Wed, Feb 17, 2010 at 10:59:05PM -0500, Jason Beaudoin wrote:
> As I often have greater respect for a much larger portion of this list
> than the rest of the internet, I am curious what is thought about
> current IDS/IPS hardware from vendors like Trustwave, Checkpoint,
> Alert Logic, mod_securit
On 2/18/2010 8:59 PM, bofh wrote:
On Thu, Feb 18, 2010 at 11:48 AM, Laurens Vets wrote:
Just don't get ISS crap.
Also, snort is good, but you must know what you're doing. Our snort box,
running on an old throw away box, and only capturing/analyzing 10 minutes of
every hour, is giving us
Hi Rich!
On Fri, Feb 19, 2010 at 7:52 AM, Rich Kulawiec wrote:
> On Wed, Feb 17, 2010 at 10:59:05PM -0500, Jason Beaudoin wrote:
>> As I often have greater respect for a much larger portion of this list
>> than the rest of the internet, I am curious what is thought about
>> current IDS/IPS hardw
Having looked into BroIDS and a couple of potential options/setups,
I'd be interested in hearing anyone's experience working with either
or both BroIDS / Snort..
- I like that BroIDS is network-based as opposed to signature, though
it doesn't seem like Bro has a frontend as polished as one might li
On Tue, Feb 23, 2010 at 12:40 AM, Johan Beisser wrote:
> On Mon, Feb 22, 2010 at 8:53 PM, Jason Beaudoin wrote:
>
>> - in terms of BroIDS/Snort and PF.. who comes first in processing
>> network traffic?
>
> hardware interface
> kernel device driver
> bpf/pcap -->> application (tcpdump, snort, Br