Snort mailing list archives
Re: Comment Request
From: livio Ricciulli <livio () metaflows com>
Date: Tue, 13 Nov 2012 10:45:07 -0800
Signature based with Snort is a major component, but additional security information is very useful to augment Snort:

Flow Monitoring.
Behavioral (or Anomaly Detection).
File Carving.
Passive application service discovery.
Vulnerability scanning.
Honeypots.
System and HIDS log correlation with all the above.

All these together give you much better security than just Snort.

Livio.

On 11/09/2012 11:43 PM, HamidReza Ghorbani wrote:
Hi,

We have a project concerning increasing the security level of our computer systems using intrusion detection systems. In order to do that, we are trying to add an extra security layer alongside SNORT IDSs. We have studied the characteristics of some open source IDSs like Prelude, OSSEC, OSSIM, Bro and Suricata. We have three approaches in mind:

1. Adding a host-based IDS (preferably an anomaly based IDS) beside SNORT
2. Adding a set of anomaly based plugins (like PHAD and NETAD) to the SNORT preprocessor.
3. Adding an Antivirus

The goal is to address the shortcomings of signature based IDS (like SNORT) with one of the approaches above. It is important that the selected approach is compatible with SNORT when implementing.

We need your professional comments. Which approach do you recommend, and which tools do you think are more suitable regarding that approach?

Regards
Hamid

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Comment Request HamidReza Ghorbani (Nov 13)
- Re: Comment Request waldo kitty (Nov 13)
- Re: Comment Request Jeremy Hoel (Nov 13)
- Re: Comment Request Castle, Shane (Nov 13)
- Re: Comment Request Jeremy Hoel (Nov 13)
- Re: Comment Request livio Ricciulli (Nov 13)
- Re: Comment Request waldo kitty (Nov 13)