Focus on IDS
AW: Need help/info Jun 09 2009 03:11PM
Daniel, Akos (a daniel drillisch-telecom de)
Hi ubernewbie,

I tried the "freeword's toolset" (snort, base, barnyard2, mysql, oinkmaster) that was a wonderful journey. :-)
What I did is already ready here as well in one image:
http://www.securixlive.com/securix-nsm/index.php

Tested with Virtualbox, great tools are packed here and this is up-to-date! :-)

Regards,
Akos

-----Ursprüngliche Nachricht-----
Von: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Im Auftrag von Stephen Mullins
Gesendet: Dienstag, 26. Mai 2009 13:12
An: Richard Bejtlich
Cc: ubernewbie; focus-ids (at) securityfocus (dot) com [email concealed]
Betreff: Re: Need help/info

These are definitely great books. I recommend every shop I'm in keep
copies on the shelves as references and for Jr. Analysts or those that
don't come from a Network Security Monitoring background. Nowhere
else that I'm aware of really spells out what NSM is and how to do it
right like Bejtlich's Tao.

Steve Mullins

On Mon, May 25, 2009 at 2:27 PM, Richard Bejtlich <taosecurity (at) gmail (dot) com [email concealed]> wrote:
> On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 (at) gmail (dot) com [email concealed]> wrote:
>>
>> I work for a small company with a hub/spoke network. I've been tasked with
>> setting up an IDS(Snort) to begin monitoring security related events and
>> basically build out a security program/infrastructure.  Do any of you have
>> any good sites/forums that go into the process of intrusion detection. I can
>> get the alerts from snort but there are so many that it it's hard to make
>> heads or tails. I'm looking for ideas on what to look for and what to pay
>> specific attention to.  Also any good websites that alert/explain new
>> vulnerabilities would be great. Any help would be appreciated.
>
> Hello,
>
> If you're looking for a good book or two, my Tao and Extrusion books will help:
>
> http://www.taosecurity.com/books.html
>
> If you're looking for blogging on the subject, try my blog:
>
> http://taosecurity.blogspot.com
>
> I also wrote a series for TechTarget called Snort Report:
>
> http://searchsecuritychannel.techtarget.com/tips/index/0,289482,sid97_ta
x307691,00.html
>
> If you're looking for a good Wiki, try:
>
> http://nsmwiki.org
>
> If you're looking for the best suite for network security monitoring, try:
>
> http://www.sguil.net
>
> Good luck!
>
> Richard
>
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus