[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network
- To: "Native.Code" <native.code@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network
- From: "J.A. Terranson" <measl@xxxxxxx>
- Date: Fri, 9 Dec 2005 11:13:17 -0600 (CST)
On Fri, 9 Dec 2005, Native.Code wrote:
> Is Snort enterprise ready where it can be deployed to monitor
> mission-critical network?
Yes. It is, and has been for some time.
> If any of you can name any big network which is using Snort as an example,
> it will be very helpful.
Because of NDA, I cannot *name* the network where I was a part of the team
installing and maintainting SNORT on a large network, but I can tell you
that this network is one of the top tier-1 NSPs. I can tell you that
SNORT is the sole such product chosen for this purpose, and that it works
better than we could have possibly hoped for. last I looked, SNORT was
being used on circuits as large as OC12s.
The problem isn't going to be your sensor (SNORT et al), but your back end
software - *that* part is a bitch!
--
Yours,
J.A. Terranson
sysadmin@xxxxxxx
0xBD4A95BF
I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.
don zweig, M.D.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/