IDS mailing list archives
RE: New to Snort !!!
From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Tue, 31 May 2005 07:57:42 -0500
Venkatesh, You'll find that Snort boasts the same capabilities if not more than the more expensive commercial IDS solutions out there. With an equally attractive price point (free), it offers some awesome features over its commercial counterparts. Just a few features we use when presenting our Snort management solution to customers: 1) Stateful pattern inspection engine; 2) Underwent an external third party professional security audit; 3) Real-time TCP session sniping for passive intrusion prevention using Flexresp preprocessor; 4) HTTP, Telnet, and other upper-layer protocol decoding engine; 5) Portscan detection engine; 6) Thresholding and suppression on individual signatures per IP; 7) Recently Snort-Inline merged in to Snort, giving it inline (IPS) capabilities 8) Text-based rule syntax allowing user to view and easily create his/her own signatures Much, much more.. I know I'm missing some things. Perhaps others can add to this. Best Regards, Eric Hines, GCIA, CISSP CEO, President, Chairman Applied Watch Technologies, LLC 1134 N. Main St. Algonquin, IL 60102 Tel: (877) 262-7593 e:327 Fax: (877) 262-7593 Mob: (847) 456-6785 Web: http://www.appliedwatch.com ---------------------------------------------------------------------------- - Enterprise Snort Management at http://www.appliedwatch.com. Security Information Management for the Open Source Enterprise. ---------------------------------------------------------------------------- - -----Original Message----- From: Venkatesh G S [mailto:venkatesh.gs () gmail com] Sent: Tuesday, May 24, 2005 10:45 PM To: Security Focus IDS Forum Subject: New to Snort !!! Hi all, I am a new member to this group & i am sure i will get your valuable suggestion for my problem. I work for an organization where we have almost all the latest devices in place, which includes L3 Switches, VOIP,High end server & etc. We have around 1500 desktops & this is a production environment. My problem i) My network manager wants me to suggest an IDS, and i googled yesterday i recommened him - Snort. ii) I am quite new to IDS and i haven't done even a single installation of Snort till now. Can anyone let me know the features of Snort, where this sensor should be placed in the Network?. Plz dont think that i am not doing my homework.i have already started to collect information from Snort.org but i find it a little to difficult to undersatnd the concept. I need help in how to install Snort?. Finally are there any windows edition of Snort avaliable. Regards Venkatesh -- The impossible is often untried. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: New to Snort !!! Doug . Janelle (Jun 01)
- <Possible follow-ups>
- Re: New to Snort !!! Justin . Ross (Jun 01)
- RE: New to Snort !!! Eric Hines (Jun 01)