January 29th, 2002 10:09 PM
I have been reading these forums for quite some time now, and I really think there is a lack of attention to IDS systems. I have been using Snort on Linux, OpenBSD, and FreeBSD and I really think it is great.
What I would like to hear from you guys is first, if anyone has any experience with it, second, how are you using it in your environment, and third, it would really be nice to hear something maybe about your favorite Snort tips and tricks.
My company just developed a branded network-based IDS based on Snort, and it has really been a pretty cool project to work on. We are currently using Demarc as the front end, with a few modifications of course, and have deployed it in several networks so far where it has been greatly appreciated by our clients. The one area we have not really perfected yet is management of multiple Snort IDS boxes across the enterprise from a single enforcement point. One thing especially is being able to securely push out signature files to all the sensors on the network with an automated process. Are there any tools already existing for something like this?
I would greatly appreciate any help anyone can give me. Thanks in advance.