RE: newbie quetsions

["Harper, Patrick" <Patrick.Harper () phns com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Snort is a good option (in my opinion) for any size business.  The
larger the deployment the better you need to be at using it.  The box
your running now for your gateway might be a little light for the
job, you might want to look at a faster system but you do not need a
fast server or anything for a deployment your size.

Remember IDS's require tuning, out of the box they are all pretty
much useless because they will just overload you with info that does
not matter and you will either stop watching or uninstall it because
you think it is useless.  Tune the rule set for your deployment.  If
your running an IIS server internally then you do not need the apache
rules.  If you are an oracle shop then you do not need most of the MS
SQL rules.  Learn how to threshold and suppress as needed.  

There are several good books out on snort.  The Syngress book is
written by people that know Snort inside and out like Brian Caswell.
http://www.bookpool.com/.x/pizrqesaor/sm/1931836744

Hope that helps, I am a little biased to the snort side of the world
but that is only because it has done me well for so long.

 
- -----Original Message-----
From: Andrey Todorov [mailto:andreyt () gawab com] 
Sent: Friday, December 24, 2004 9:08 AM
To: focus-ids () securityfocus com
Subject: newbie quetsions

Hi People,
I tried several times to subscribe myself to "Security Basics"
mailing 
list to ask my questions, but didn't succeed. Excuse me if my
questions 
aren't adequate to "Focus IDS" mailing list!

I'll be very gratefull if you share your opinion with me for the 
following situation. I have small network (5 PCs) behind one Linux
box 
(iptables firewall , Pentium I 166Mhz, 32MB RAM, 4GB HDD) and want to
increase security for this network.

    1. Do I need IDS?
    2. What do you think about Snort? Can I find easy maintainable 
free/opensource IDS then Snort?
    3. What IDS literature should I read?

Thank you in advance!

Andrey



- ----------------------------------------------------------------------
- ----
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks
from 
CORE IMPACT.
Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
- ----------------------------------------------------------------------
- ----




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQdF3kJiWafDb7+B/EQI6tgCfV2rP2l2PUMxHzj2XSK/d/ncQB94AoOW1
2fp7hsiFLetlfReGfdqt1r+m
=LBep
-----END PGP SIGNATURE-----




Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------