2002-09-23-18:07:29 [EMAIL PROTECTED]: > I'm an EDP auditor and I want to know some commentaries about the > use of Snort IDS...I'de like to know if anyone recommend it and if > it's a good choice to install in a financial organization.
I'm a security analyst working in a financial organization. At this and previous such I've installed Snort IDS sensors. Snort is among the best of the IDS systems. Different systems have different strengths, but if the deploying organization has the expertise to configure and manage snort systems, you can get a very good coverage that way. Snort sigs are developed and maintained quite aggressively. The tool itself is sound. _Any_ IDS deployment requires an appropriate amount of expertise. Exactly what expertise is required in what fields will vary from one IDS to another; that's often the most important determinant of which one is best for a given organization. You might want to read back issues of the focus-ids mailing list, also right here at SecurityFocus. Also, there's a very fine snort-users mailing list with archives reaching back years, it's linked off www.snort.org. -Bennett
msg08435/pgp00000.pgp
Description: PGP signature