Language Selection

English French German Italian Portuguese Spanish

When Snort is not enough

Filed under
Software

As an independent security consultant I offered a course to customers called Network Security Operations, which covered network-centric intrusion detection, response and forensics. Students often asked, "Is this the Snort course?" And I answered, "Not exactly, but you're probably in the right place."

I've been inspecting and acting upon network traffic for 10 years. When I tell people that I use network traffic as one means to detect and respond to intrusions, many respond by saying, "So you use Ethereal, right?" I find myself responding in a similar manner to the Snort question: "Not exactly, but sometimes."

Both of these questions point to customer perceptions of common ways to detect and respond to intrusions. The digital security field is incredibly complicated and anyone who claims to be a master of the entire field is a fool. In fact, mastery of any single subject might require such narrow focus as to be of little relevance to the remainder of the field. Those who are most successful have carved some niche out of the security landscape, but still understand the rest of the arena.

More Here




re: Snort

Snort is IDS (not IPS), and generates WAAAAAAAAAAY more false alarms then any real attacks.

The author states: "At the end of the day, you can never have enough data." - I guess that's true when you're a "security consultant" and charge by the hour to wade thru the reams of fluff looking for a line or two indicating a real attack (like SETI only not as exciting - or probable).

Firewalls are like windshields - they both catch a zillon nasties ON THE OUTSIDE. It's only when they come INSIDE do you have to worry.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Leftovers: Software

today's howtos

Leftovers: Gaming

Pro tip: Find tons of open-source Android software with F-Droid

If you're looking for truly open-source software for the Android platform, you don't have to do a ton of searching or check through licenses from within the Google Play Store. All you have to do is download a simple tool called F-Droid. With this tool, you can download and install apps (from quite a large listing) as easily as you can from the Google Play Store. You won't, however, find F-Droid in the Google Play Store. Instead, you have to download the .apk file and install it manually. Once it's installed, the rest is just a matter of searching for an app and tapping to install. Read more