IDS mailing list archives
RE: newbie quetsions
From: "Randy Golly" <randy.golly () comcast net>
Date: Tue, 28 Dec 2004 14:24:40 -0600
Do you need IDS? What are you protecting in the first place? Is it valuable enough to you to monitor if someone is trying to obtain it? If it is, then do you have the time and resources to properly protect it?

To increase the security of your network, make sure your firewall is closed to all but necessary services, both incoming and outgoing traffic. Turn up the security awareness level of anyone using your network. Any data that is that important, put it on encrypted drives so if someone does get in, it is worthless to them anyways. Back up daily and keep a set offsite as a last resort. That is all much easier than putting up an IDS.

Off the cuff answer would be no to the IDS, not with a small network. It is one thing to put up an IDS, another to monitor and tune it properly so that it is relevant. Tuning an IDS to weed out the false positives is not an easy or a one-time task; it takes constant monitoring and tweaking. You must know what you are looking at to know when something is not normal.

Snort is the way to go for open source IDS. There is a large community to gather and obtain info from. As far as literature goes, http://www.snort.org/docs/ is the best place to go. If nothing else, put up Snort just to get yourself familiar with what is normal and abnormal traffic on your network, and use this information to further tune your firewall rules.

Good luck,
Randy Golly

-----Original Message-----
From: Andrey Todorov [mailto:andreyt () gawab com]
Sent: Friday, December 24, 2004 9:08 AM
To: focus-ids () securityfocus com
Subject: newbie quetsions

Hi People,

I tried several times to subscribe myself to the "Security Basics" mailing list to ask my questions, but didn't succeed. Excuse me if my questions aren't adequate to the "Focus IDS" mailing list! I'll be very grateful if you share your opinion with me for the following situation.

I have a small network (5 PCs) behind one Linux box (iptables firewall, Pentium I 166MHz, 32MB RAM, 4GB HDD) and want to increase security for this network.

1. Do I need IDS?
2. What do you think about Snort? Can I find an easily maintainable free/opensource IDS than Snort?
3. What IDS literature should I read?

Thank you in advance!
Andrey
