IDS: Re: Network hardware IPS

Re: Network hardware IPS

From: Gary Flynn <flynngn_at_jmu.edu>
Date: Thu, 02 Oct 2003 13:15:52 -0400

Ron Gula wrote:

> If you are
> the type of NIDS fellow who likes to tweak signatures and SSH into your box
> to check the logs, it's not for you.

I can't imagine installing any type of IDS/IDP device today that wouldn't
allow me to examine and tune existing signatures and create new ones. In
my environment communication needs vary too much and signature analysis is
too inexact to depend upon a vendor's black box. In addition, the ability
to instantly react to new threats at the local level in ways that are unique
to a particular organization's environment seems, to me, to be invaluable.
That has been a strength of both Nessus and Snort. Can you imagine either if
all signatures were hidden from us and locked in stone?

My $0.02 worth.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University
Received on Oct 06 2003