IDS
mailing list archives
Re: IDS Tuning
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 14 Mar 2006 00:13:32 +0530
On 10/03/06 07:49 +1100, Naveen Sharma wrote:
> Hi All,
> What exactly is IDS tuning? Please provide steps to tune Snort.
Homework assignment for a network administrator? Google is your friend,
but anyway:
IDS tuning is configuring the IDS to perform ideally in your
environment, with few false positives in the alerts generated.
Tuning Snort (or any other IDS):
You have two options -
1.a) Learn all about networking, the applications you run, and the state
of your network.
1.b) Learn to find bottlenecks in hardware.
1.c) Learn to write Snort signatures.
1.d) Tune Snort.
2.a) Define tuned parameters expected.
2.b) Hire expensive consultant to tune Snort.
2.c) Pay consultant.
2.d) Keep consultant around to understand Snort output.
Nothing replaces the human brain and the ability to RTFM.
Devdas Bhagat