IDS mailing list archives
Re: IDS Tuning
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 14 Mar 2006 00:13:32 +0530
On 10/03/06 07:49 +1100, Naveen Sharma wrote:
Hi All, What exactly is IDS tuning? Please provide steps to tune Snort.
Homework assignment for a network administrator? Google is your friend, but anyway:

IDS tuning is configuring the IDS to perform ideally in your environment, with few false positives in the alerts generated.

Tuning Snort (or any other IDS): You have two options -

1.a) Learn all about networking, the applications you run, and the state of your network.
1.b) Learn to find bottlenecks in hardware.
1.c) Learn to write Snort signatures.
1.d) Tune Snort.

2.a) Define tuned parameters expected.
2.b) Hire expensive consultant to tune Snort.
2.c) Pay consultant.
2.d) Keep consultant around to understand Snort output.

Nothing replaces the human brain and the ability to RTFM.

Devdas Bhagat