Focus on IDS
Re: Need help/info
May 26 2009 07:51AM
Daniel, Akos (a daniel drillisch-telecom de)
It is the same for me. I need to plan and deploy an IPS/IDS system for our hub-spoke sites.
But I think I may not spend any time on a self-installed free product.
Until I have set up the basic things required for an IPS:
- Event Correlation
- Alert Setup
- Some/default Reports
- Automatic updates (1. Signature database updates. 2. OS updates)
- Secured/task-specific OS (only required packages should be installed)
- Manageability (example GUI, User management)
- Predefined backup and restore functions
- Automatic log archiving (disk space is always scarce)
- High Availability, if required
In your case as well, I think it is too much of an expectation from a security engineer without experience, or the impact of using an IPS seems to be low (it is definitely not business critical).
Huh, that sounds a little bit negative, but I want to help! :-)
I am in the same situation, as I mentioned.
There should be a company near your site offering IT security services.
What I plan for my company (as I did once before) is to ask for trial products and an introduction with an allocated engineer for a day.
In my experience, such companies can lend you the box (Cisco IPS, Checkpoint, Juniper, Sourcefire, whatever box) for a couple of days if they smell business :-).
Whatever they feel, it is like a car: if you don't like it, you leave it.
So first of all, think it over what you need in future and what you have to monitor.
- Topology of your company
- Bandwidth of the sites
- Do you have sensitive hosts or servers on all sites?
- Do you have sensitive applications on all sites?
- How many internet gateways do you have? Do you have one on all sites?
Hope you can find something useful in my answer. If not, maybe this one can help to start your journey in the world of Snort:
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On behalf of Joel Esler
Sent: Monday, 25 May 2009 21:57
Cc: focus-ids (at) securityfocus (dot) com [email concealed]
Subject: Re: Need help/info
I might suggest the Snort Mailing lists, available via Snort.org
I might also suggest the forums, available at Snort.org.
Furthermore I might also suggest the IRC channel on irc.freenode.net in #snort
On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 (at) gmail (dot) com [email concealed]> wrote:
> I work for a small company with a hub/spoke network. I've been tasked with
> setting up an IDS (Snort) to begin monitoring security related events and
> basically build out a security program/infrastructure. Do any of you have
> any good sites/forums that go into the process of intrusion detection? I can
> get the alerts from Snort but there are so many that it's hard to make
> heads or tails. I'm looking for ideas on what to look for and what to pay
> specific attention to. Also any good websites that alert/explain new
> vulnerabilities would be great. Any help would be appreciated.
joel esler | Sourcefire
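The original question above is the classic "too many Snort alerts to make heads or tails of" problem, and the first reply's list asks for event correlation and alert setup before a sensor is useful. As an added example that is not part of this thread and not Snort's own tooling, the script below parses Snort's fast-alert output format (one alert per line, as written by the `alert_fast` output), aggregates alerts by signature ordered by priority, lists the busiest source addresses, and flags high-volume lowest-priority signatures as the first candidates for threshold/suppress tuning or a false-positive review. The sample alert lines, the local sids 1000001 to 1000003 and the addresses are all constructed; the regex assumes IPv4 addresses and the fast-alert layout shown in the samples.

```python
import re
from collections import Counter

# Snort fast-alert format (assumption: one alert per line, IPv4 addresses, optional
# Classification field, ports present only for TCP/UDP).
FAST_ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?'
    r'\[Priority:\s*(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>\w+)\}\s+(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>\S+?)(?::(?P<dport>\d+))?$'
)

# Constructed sample alerts (not real traffic): three noisy ICMP hits, two priority-1
# hits from one source, one priority-2 hit, and one malformed line the parser must skip.
SAMPLE_ALERTS = """\
05/20-18:25:01.123456  [**] [1:1000001:2] LOCAL constructed noisy ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
05/20-18:25:02.223456  [**] [1:1000001:2] LOCAL constructed noisy ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5
05/20-18:25:03.323456  [**] [1:1000001:2] LOCAL constructed noisy ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.12 -> 198.51.100.5
05/20-18:25:04.423456  [**] [1:1000002:1] LOCAL constructed SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 198.51.100.22:22
05/20-18:25:05.523456  [**] [1:1000002:1] LOCAL constructed SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51235 -> 198.51.100.22:22
05/20-18:25:06.623456  [**] [1:1000003:1] LOCAL constructed web server error response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.80:80 -> 203.0.113.9:40001
this line is garbage and should be skipped
"""


def parse_fast_alert(line):
    """Return a dict of fields for one fast-alert line, or None if it does not parse."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["priority"] = int(alert.pop("prio"))
    alert["sid"] = int(alert["sid"])
    return alert


def summarize_alerts(lines):
    """Aggregate alert lines by signature (highest priority first, then by volume)
    and by source address, counting lines that could not be parsed."""
    parsed = [a for a in (parse_fast_alert(l) for l in lines) if a]
    by_sig = Counter((a["sid"], a["msg"], a["priority"]) for a in parsed)
    # Priority 1 is the most severe in Snort, so sort ascending on priority,
    # then descending on count.
    ranked = sorted(by_sig.items(), key=lambda kv: (kv[0][2], -kv[1]))
    by_src = Counter(a["src"] for a in parsed)
    return {
        "parsed": len(parsed),
        "skipped": len(lines) - len(parsed),
        "by_signature": [(sid, msg, prio, n) for (sid, msg, prio), n in ranked],
        "top_sources": by_src.most_common(5),
    }


def tuning_candidates(summary, min_count=3, low_priority=3):
    """Signatures firing often at the lowest priority: the first place to look for
    threshold/suppress tuning or a false-positive review (review, not blind silencing)."""
    return [sid for sid, _msg, prio, n in summary["by_signature"]
            if prio >= low_priority and n >= min_count]


if __name__ == "__main__":
    summary = summarize_alerts(SAMPLE_ALERTS.splitlines())
    print(f"parsed={summary['parsed']} skipped={summary['skipped']}")
    for sid, msg, prio, n in summary["by_signature"]:
        print(f"prio {prio}  x{n:<4} sid {sid}  {msg}")
    print("top sources:", summary["top_sources"])
    print("tuning candidates (sids):", tuning_candidates(summary))
```

Replace `SAMPLE_ALERTS.splitlines()` with the lines of a real `alert` file (or the `-A fast` output) to get the same ranking on live data; the priority-first ordering is what makes the handful of priority-1 events visible under thousands of priority-3 hits, and the tuning-candidate list is the input to a threshold or suppression review rather than something to silence automatically.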
Copyright 2010, SecurityFocus