Full Disclosure mailing list archives

Re: Snort as IDS/IPS in mission-critical enterprise network


From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 09 Dec 2005 09:20:31 -0500

Most "enterprise" IDS products are built upon Snort code, my friend. Snort is definitely ready for whatever type of environment you put it in. Just make sure you follow the snort mailing list from time to time to keep up on new signatures that may not be added to the snort release.

And check ./contrib on snort, you'll find a ton of ways to automate the rule updates. Bad idea to let it autonomously update (because if you HUP snort and there's a bad rule, it dies) .. but easily made into a once-a-week sort of thing.

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
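
The failure mode described in the message above (a HUP with a bad rule in place kills the sensor) can be guarded against by validating staged rules with Snort's test mode (`snort -T`) before signalling the running process. The following is an added example, not part of the original post or of Snort's ./contrib; the paths, variable names and the function name `apply_staged_rules` are assumptions.

```shell
#!/bin/sh
# Added example: swap in a staged rule tree, validate it, and HUP Snort only
# if validation passes. All paths below are assumed defaults, not from the post.
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
PID_FILE="${PID_FILE:-/var/run/snort.pid}"
# snort -T parses the config and every included rule file, then exits
# non-zero on any error. Left unquoted on use so the command word-splits.
SNORT_TEST="${SNORT_TEST:-snort -T -c}"

# Put the previous rule tree back after a failed update.
rollback_rules() {
    rm -rf "$RULES_DIR"
    mv "$1" "$RULES_DIR"
}

# apply_staged_rules <dir>: <dir> must hold a complete replacement rule tree.
# Returns 0 = applied and HUP sent, 1 = rules rejected, 2 = setup error.
apply_staged_rules() {
    staged="$1"
    backup="${RULES_DIR}.prev"
    [ -d "$staged" ] || { echo "no staged rules at $staged" >&2; return 2; }

    # The running Snort holds its rules in memory, so changing files on disk
    # has no effect on it until it is signalled or restarted.
    rm -rf "$backup"
    mv "$RULES_DIR" "$backup" || return 2
    cp -Rp "$staged" "$RULES_DIR" || { rollback_rules "$backup"; return 2; }

    if ! $SNORT_TEST "$SNORT_CONF" >/dev/null 2>&1; then
        rollback_rules "$backup"
        echo "staged rules failed validation; previous rules restored" >&2
        return 1
    fi

    # Validation passed: only now ask the live process to reload.
    if [ -r "$PID_FILE" ]; then
        kill -HUP "$(cat "$PID_FILE")"
    fi
    return 0
}

# Stand-alone use, e.g. from a weekly cron job: script.sh /path/to/staged-rules
if [ $# -ge 1 ]; then
    apply_staged_rules "$1"
fi
```

A non-zero exit from a cron run leaves the previous rules on disk and the sensor untouched, so the rejected rule set can be reviewed by hand.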

