Comment Request

["HamidReza Ghorbani" <ghorbani.it () ut ac ir>]

Hi

We have a project concerning increasing security level on our computer
systems using intrusion detection systems. In order to do that we try to
add an extra security layer alongside SNORT-IDSs.

We have studied characteristics of some open source IDSs like Prelude,
OSSEC,OSSIM, Bro and Suricata .
We have three approaches in mind:
1.      Adding  a host-based IDS (Preferably anomaly based IDS ) beside SNORT
2.      Adding  a set of anomaly based plugging (like PHAD and NETAD) to SNORT
preprocessor.
3.      Adding an Antivirus

The goals is to address shortcomings of Signature based IDS(like SNORT)
with one of the approaches above.
It is important that the selected approach is compatible with SNORT, when
implementing.

We need your professional comments. Which approach do you recommend and
which tools do you think is more suitable, regarding that approach.

Regards
Hamid



















------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!