IDS mailing list archives

RE: Low cost HID based IDS system


From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 20 May 2003 15:49:22 -0500

I'm a big believer in open source. I use snort, nessus, nmap, etc. daily. I run snort on FreeBSD. I'm writing to you on a RedHat box. I don't think that I missed your point. I was trying to point out to you that the cost of a service isn't *just* the equipment or software you have to provide. You need to think about that carefully, or you will burn yourself out trying to help your customers.

As one who monitors our network I can tell you that while snort is free, installing it, configuring it, keeping it up to date and *monitoring it* is not. It's nice to have the technology in place, but I *do* have to sleep from time to time, and when I'm sleeping the bad guys are not.

You're absolutely right that something is better than nothing. I'm just trying to warn you to not get your customers' hopes up too high. Unless you can monitor 24/7/365 you *will* miss attacks. They need to know that. They need to understand that the *best* model is one where they get 24/7/365 coverage. What you're thinking about offering them is *useful*, but it needs to be taken in context.

I am *not* saying that what you're thinking about doing is a bad idea. I *am* saying that you need to be realistic regarding your and your customers' expectations and you need to think about how much putting this system together will cost you. I'm sure you don't consider your time as free. How much are you willing to "spend" to put together a system? And how long will it take you to recover that cost?

--On Monday, May 19, 2003 10:21:01 AM +1000 Zach Forsyth <Zach.Forsyth () kiandra com> wrote:

Paul,

You seemed to have missed the point a little.
Why do people bother developing snort when there are so many other
commercial IDS's out there, it's free so therefore it can't be any good.
Why do people bother with Nessus?
Why do people bother with <insert free/cheap/open source solutions here>?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
