Snort mailing list archives

Re: Getting more paranoid by the minute. :-/

From: "Shaun T. Erickson" <ste () smxy org>
Date: Sat, 24 Apr 2004 23:45:42 -0400

Romulo M. Cholewa wrote:

I would like to suggest that you look at the security as a process, not
as a bunch of tools.


I will do my best to view it that way. Thanks. :)

If you were hired to employ *only* snort sensors, you can't think that
only the sensors will keep the potential risk out of the network. It
will only warn you, if properly configured, when someone attempts to
brake in. Concerning to deploying an IDS, keep in mind that reducing the
number of false alerts is a nice goal to pursue.

Ok.

Also, try to work as close as possible to the guys doing the system
hardening and implementation. They can tell you what are their goals, so
you can screen the snort setup better.

It seems that *I'm* supposed to do the hardening, and so on: turning offunneeded services on all their servers, and otherwise locking them down,host-based firewalls, tripwire, running nessus to see if I overlookedanything. The only goal I've been given is to do it all as fast aspossible, so that their customer's data will be protected and they cango live with their product.

I will do my best to ensure everything is secure, and to educate themthat nothing is ever really secure, while keeping in mind everything youand the others have said. I really appreciate the advice, everyone. I'ma sponge, trying to soak up an ocean. :)


        -ste


-------------------------------------------------------
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Getting more paranoid by the minute. :-/, (continued)
- - Re: Getting more paranoid by the minute. :-/ Shaun T. Erickson (Apr 24)
  - Re: Getting more paranoid by the minute. :-/ Shaun T. Erickson (Apr 24)
    - Re: Getting more paranoid by the minute. :-/ Demetri Mouratis (Apr 24)
    - Re: Getting more paranoid by the minute. :-/ Shaun T. Erickson (Apr 24)
    - Re: Getting more paranoid by the minute. :-/ Alejandro Flores (Apr 25)
- RE: Getting more paranoid by the minute. :-/ Jim Hendrick (Apr 25)
- Re: Getting more paranoid by the minute. :-/ AJ Butcher, Information Systems and Computing (Apr 26)
- Re: Getting more paranoid by the minute. :-/ Andreas (Apr 26)
  - Re: Getting more paranoid by the minute. :-/ Shaun T. Erickson (Apr 26)
- RE: Getting more paranoid by the minute. :-/ Romulo M. Cholewa (Apr 24)
  - Re: Getting more paranoid by the minute. :-/ Shaun T. Erickson (Apr 24)
- RE: Getting more paranoid by the minute. :-/ Donofrio, Lewis (Apr 26)
- Re: Getting more paranoid by the minute. :-/ Corey Rock (Apr 29)