Right now we really dont have anything and my manager asked me to look into it. what do you guys use or recomend?
Printable View
Right now we really dont have anything and my manager asked me to look into it. what do you guys use or recomend?
SNORT.
In fact, I just wrote a paper on expanding the role of snort in our enterprise this morning. www.snort.org
Have you read TheHorse13' tuts on Nmap? That's where I'm starting from. Don't know much yet myself, though I do know the above mentioned SNORT is quite popular.
I know very little about this but will be looking into snort, Tripwire, Toplayer, Internet Security systems, and net screen
Knight....Nmap is basically a scanner it is not an IDS (Intrusion Detection System).Quote:
Originally posted here by AngelicKnight
Have you read TheHorse13' tuts on Nmap? That's where I'm starting from. Don't know much yet myself, though I do know the above mentioned SNORT is quite popular.
Cheers:
SNORT as a NIDS.
Learn a little about Network Intrustion Detection solutions here.
thanks for the info guys!
I knew that...I was just...making sure you knew that... ;)Quote:
Knight....Nmap is basically a scanner it is not an IDS (Intrusion Detection System).
Thanks for setting my straight there. 3ntropy's paper helped too. So port scanning for intrustions an IDS does not make, got it.
Before even considering an IDS there are many other things that you will want to think about. deploying an IDS is not as simple as installing snort, configuring it and then letting it go. There are many, many factors involved and none are to be overlooked. Head over to http://www.security-focus.com for more info. They have a large database covering any questions you would have.