Re: Need help/info May 25 2009 06:27PM Richard Bejtlich (taosecurity gmail com) (1 replies)
Re: Need help/info May 26 2009 11:12AM Stephen Mullins (steve mullins work gmail com)
Re: Need help/info May 23 2009 07:12PM Stephen Mullins (steve mullins work gmail com) (2 replies)
Re: Need help/info May 25 2009 10:19PM Fossett, Jeff S (Fossett Jeff con-way com)
Another great book on Snort and Ethereal is "Hack the Stack". It is
from a whitehat/CEH perspective.
On May 25, 2009, at 11:01 AM, "Stephen Mullins" <steve.mullins.work (at) gmail (dot) com> wrote:
> All of the information you need is available on the web. Just google
> your way through this. At the end of it all you should be pretty well
> versed in Snort and associated tasks (sensor placement etc.).
>
> Have fun with it. I'm a little envious that you get to do this
> security build out from scratch. I have resorted to deploying Snort
> on my home network to get that experience. If you aren't set on an
> analysis front end yet I suggest Sguil, of which I am a big fan.
>
> Steve Mullins
>
> On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 (at) gmail (dot) com> wrote:
>>
>> I work for a small company with a hub/spoke network. I've been tasked with
>> setting up an IDS (Snort) to begin monitoring security related events and
>> basically build out a security program/infrastructure. Do any of you have
>> any good sites/forums that go into the process of intrusion detection? I can
>> get the alerts from snort but there are so many that it's hard to make
>> heads or tails. I'm looking for ideas on what to look for and what to pay
>> specific attention to. Also any good websites that alert/explain new
>> vulnerabilities would be great. Any help would be appreciated.
>> --
>> View this message in context: http://www.nabble.com/Need-help-info-tp23644667p23644667.html
>> Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.