
Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network



Most "enterprise" IDS products are built upon Snort code, my friend. Snort is definitely ready for whatever type of environment you put it in. Just make sure you follow the snort mailing list from time to time to keep up on new signatures that may not be added to the snort release.

And check ./contrib on snort, you'll find a ton of ways to automate the rule updates. Bad idea to let it autonomously update (because if you HUP snort and there's a bad rule, it dies) .. but easily made into a once-a-week sort of thing.


~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
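
The failure mode mentioned in the message above (a bad rule killing Snort on HUP) can be guarded against by validating the rule set before signalling the sensor. The script below is an added example, not part of the original post or of Snort's ./contrib; the paths, variable names and the `deploy_rules` function are assumptions, and it relies on Snort's `-T` test mode, which parses the configuration and rules and then exits.

```shell
#!/usr/bin/env bash
# Added example: install new Snort rules, validate, and only then send HUP.
# All paths and names below are assumptions; adjust to the local install.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
PID_FILE="${PID_FILE:-/var/run/snort.pid}"
# snort -T loads the config and every included rule file, then exits
# non-zero on a parse error without touching the running sensor.
VALIDATE_CMD="${VALIDATE_CMD:-snort -T -c}"

# deploy_rules NEW_RULES_DIR
# Returns 0 when the new rules validated and Snort was signalled,
#         1 when validation failed and the previous rules were restored,
#         2 when a copy step failed before validation.
deploy_rules() {
    local new_dir="$1" backup
    backup="$(mktemp -d)" || return 2
    cp -a "$RULES_DIR/." "$backup/" || return 2      # keep known-good copy
    cp -a "$new_dir/." "$RULES_DIR/" || return 2     # stage the update

    if ! $VALIDATE_CMD "$SNORT_CONF" >/dev/null 2>&1; then
        # Bad rule: roll back and leave the running process alone.
        rm -rf "${RULES_DIR:?}"/*
        cp -a "$backup/." "$RULES_DIR/"
        rm -rf "$backup"
        return 1
    fi

    rm -rf "$backup"
    # Rules parsed cleanly, so a reload is now safe.
    if [ -r "$PID_FILE" ]; then
        kill -HUP "$(cat "$PID_FILE")"
    fi
    return 0
}

# Example weekly cron usage (assumed download location):
#   deploy_rules /var/tmp/snort-rules-new || logger -t snort "rule update rejected"
```

A non-zero return is the cue for a human to review the rejected rule set, which keeps the update on a once-a-week, supervised footing rather than fully autonomous.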