- Posts: 29
- Thank you received: 0
IDS
20 years 6 months ago #1159
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
nnbnbHeres a link to one of the other posts to the same question
www.firewall.cx/modules.php?name=Forums&...mp;highlight=ids+eds
As you can see, snort got the thumbs up as the network IDS
, you can also run tripwire over any important hosts you have (I'm sure theres a windows port of tripwire if you need it).
The art is in where you place it, lots of people think you can just point it at all incoming traffic right behind the router, but if you generate a sizeable amount of traffic you're gonna be loading down the IDS, and often they end up skipping packets because they're busy processing. Not to mention you'll probably get way more false positives this way.
Identify your crown jewels (as crude as that might sound) and position it to protect them best.
Later,
www.firewall.cx/modules.php?name=Forums&...mp;highlight=ids+eds
As you can see, snort got the thumbs up as the network IDS
, you can also run tripwire over any important hosts you have (I'm sure theres a windows port of tripwire if you need it).The art is in where you place it, lots of people think you can just point it at all incoming traffic right behind the router, but if you generate a sizeable amount of traffic you're gonna be loading down the IDS, and often they end up skipping packets because they're busy processing. Not to mention you'll probably get way more false positives this way.
Identify your crown jewels (as crude as that might sound) and position it to protect them best.
Later,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.145 seconds