Might I recommend a book? "The TAO of Network Security Monitoring" by
Richard Bejtlich has been a great book for me. He is a big user of
Sguil (pronounced SQUEAL) and other tools using FreeBSD and open
source tools. I did an interview with him a while back and then
later read his book:
http://feeds.apertamedia.com/~r/SitesCollide/~5/1C9nKjkWUvI/scr006.mp3
The book is ISBN 0-321-24677-2
Hope that helps, enjoy!
Tyrel McMahan
tyrel (at) tyrel (dot) pl
+48.697.770.444 (Warsaw, PL)
gpg Public Key:
555E C4FB 43C1 EDB5 A71F 9619 EB02 3E62 DEEE 7418
On 2009-05-23, at 21:12, Stephen Mullins wrote:
> All of the information you need is available on the web. Just google
> your way through this. At the end of it all you should be pretty well
> versed in Snort and associated tasks (sensor placement etc.).
>
> Have fun with it. I'm a little envious that you get to do this
> security build out from scratch. I have resorted to deploying Snort
> on my home network to get that experience. If you aren't set on an
> analysis front end yet I suggest Sguil, of which I am a big fan.
>
> Steve Mullins
>
> On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 (at) gmail (dot) com> wrote:
>>
>> I work for a small company with a hub/spoke network. I've been tasked with
>> setting up an IDS (Snort) to begin monitoring security related events and
>> basically build out a security program/infrastructure. Do any of you have
>> any good sites/forums that go into the process of intrusion detection? I can
>> get the alerts from snort but there are so many that it's hard to make
>> heads or tails. I'm looking for ideas on what to look for and what to pay
>> specific attention to. Also any good websites that alert/explain new
>> vulnerabilities would be great. Any help would be appreciated.
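The original question in this thread is how to make "heads or tails" of a flood of Snort alerts. The following Python script is an added example, not code from anyone in the thread, from Snort, or from Sguil. It parses lines in Snort's "alert_fast" output layout (assumed here as `MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port`, IPv4 only, with the Classification and Priority brackets optional and no ports on ICMP lines), counts alerts per signature, priority, source and destination, and ranks signatures so that the most severe priority (Snort priority 1) comes first and, within a priority, the noisiest signature comes first. The sample alert lines, the rule messages and the sids in the 1000000+ local range are all constructed for this example and do not correspond to any real ruleset.

```python
"""Parse Snort alert_fast lines and rank signatures for analyst triage (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed layout of one Snort "alert_fast" line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
# Classification/Priority are optional, ICMP lines carry no ports, and only IPv4 is handled here.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: Optional[int]  # Snort convention: 1 = most severe, larger = less severe
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for one alert_fast line, or None if the line does not match the layout."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["cls"],
        priority=int(m["prio"]) if m["prio"] is not None else None,
        proto=m["proto"], src=m["src"],
        sport=int(m["sport"]) if m["sport"] is not None else None,
        dst=m["dst"],
        dport=int(m["dport"]) if m["dport"] is not None else None,
    )


def parse_alerts(text: str) -> Tuple[List[Alert], int]:
    """Parse every non-blank line; return (alerts, number of lines that did not parse)."""
    alerts: List[Alert] = []
    unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        a = parse_alert(line)
        if a is None:
            unparsed += 1  # a rising count usually means the log format changed, not that traffic did
        else:
            alerts.append(a)
    return alerts, unparsed


def summarize(alerts: List[Alert]) -> Dict[str, Counter]:
    """Alert counts by signature, priority, source host and destination host."""
    return {
        "by_signature": Counter((a.sid, a.msg) for a in alerts),
        "by_priority": Counter(a.priority for a in alerts),
        "by_source": Counter(a.src for a in alerts),
        "by_destination": Counter(a.dst for a in alerts),
    }


def triage_order(alerts: List[Alert]) -> List[Tuple[int, int, int, str]]:
    """Rank signatures for a human: most severe priority first, then most frequent.
    Returns (priority, count, sid, msg) tuples; signatures without a priority sort last."""
    count: Counter = Counter()
    worst: Dict[Tuple[int, str], int] = {}
    for a in alerts:
        key = (a.sid, a.msg)
        count[key] += 1
        p = a.priority if a.priority is not None else 99  # 99 is a sentinel for "no priority given"
        worst[key] = min(worst.get(key, 99), p)
    return sorted(
        ((worst[k], n, k[0], k[1]) for k, n in count.items()),
        key=lambda row: (row[0], -row[1], row[2]),
    )


# Constructed sample input: sids 1000001-1000003 and their messages are made up for this example.
SAMPLE_ALERTS = """\
05/20-18:25:01.123456  [**] [1:1000001:1] LOCAL portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43210 -> 192.168.1.10:22
05/20-18:25:01.223456  [**] [1:1000001:1] LOCAL portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43211 -> 192.168.1.10:23
05/20-18:25:01.323456  [**] [1:1000001:1] LOCAL portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43212 -> 192.168.1.10:80
05/20-18:25:02.000001  [**] [1:1000002:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
05/20-18:26:10.000001  [**] [1:1000003:2] LOCAL suspicious web request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51000 -> 192.168.1.20:80
this line is not an alert
"""

if __name__ == "__main__":
    parsed, bad = parse_alerts(SAMPLE_ALERTS)
    print(f"{len(parsed)} alerts parsed, {bad} lines skipped")
    for prio, n, sid, msg in triage_order(parsed):
        print(f"priority {prio:>2}  count {n:>4}  sid {sid}  {msg}")
    print("top sources:", summarize(parsed)["by_source"].most_common(3))
```

Point it at a real alert file with `parse_alerts(open("alert").read())`. The ranking puts the single priority-1 hit above three priority-2 scan alerts, which is the order an analyst wants to read them in; the per-signature counts at the bottom of the list are the candidates for threshold or suppression tuning once they have been confirmed as noise.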