Re: Configuring Snort as a HIDS

[Jason Haar <Jason.Haar () trimble co nz>]

Seth wrote:
> Remember also that if the server you install snort on sees alot of
> traffic, snort will be stealing alot of CPU and memory away from the
> service you are offering. 
That is so true. However, also remember that "file integrity" checks
means checksumming every file in scope - which also tends to also hammer
the box.

You can't get something for nothing :-)

PS: osiris is also an option. Very easy to set up, Windows and Unix
support. http://*osiris*.shmoo.com

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users