
When Snort is not enough

Filed under
Software

As an independent security consultant I offered a course to customers called Network Security Operations, which covered network-centric intrusion detection, response and forensics. Students often asked, "Is this the Snort course?" And I answered, "Not exactly, but you're probably in the right place."

I've been inspecting and acting upon network traffic for 10 years. When I tell people that I use network traffic as one means to detect and respond to intrusions, many respond by saying, "So you use Ethereal, right?" I find myself responding in a similar manner to the Snort question: "Not exactly, but sometimes."

Both of these questions point to customer perceptions of common ways to detect and respond to intrusions. The digital security field is incredibly complicated and anyone who claims to be a master of the entire field is a fool. In fact, mastery of any single subject might require such narrow focus as to be of little relevance to the remainder of the field. Those who are most successful have carved some niche out of the security landscape, but still understand the rest of the arena.

More Here




re: Snort

Snort is IDS (not IPS), and generates WAAAAAAAAAAY more false alarms than any real attacks.

The author states: "At the end of the day, you can never have enough data." - I guess that's true when you're a "security consultant" and charge by the hour to wade through the reams of fluff looking for a line or two indicating a real attack (like SETI only not as exciting - or probable).

Firewalls are like windshields - they both catch a zillion nasties ON THE OUTSIDE. It's only when they come INSIDE that you have to worry.

