Re: Need help/info
May 25 2009 06:27PM Richard Bejtlich (taosecurity gmail com) (1 replies)
On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 (at) gmail (dot) com> wrote:
>
> I work for a small company with a hub/spoke network. I've been tasked with
> setting up an IDS(Snort) to begin monitoring security related events and
> basically build out a security program/infrastructure. Do any of you have
> any good sites/forums that go into the process of intrusion detection. I can
> get the alerts from snort but there are so many that it's hard to make
> heads or tails. I'm looking for ideas on what to look for and what to pay
> specific attention to. Also any good websites that alert/explain new
> vulnerabilities would be great. Any help would be appreciated.
Hello,
If you're looking for a good book or two, my Tao and Extrusion books will help:
http://www.taosecurity.com/books.html
If you're looking for blogging on the subject, try my blog:
http://taosecurity.blogspot.com
I also wrote a series for TechTarget called Snort Report:
http://searchsecuritychannel.techtarget.com/tips/index/0,289482,sid97_tax307691,00.html
If you're looking for a good Wiki, try:
http://nsmwiki.org
If you're looking for the best suite for network security monitoring, try:
http://www.sguil.net
Good luck!
Richard