Snort is very complicated for the average user and sysadmin, especially with the mysql support and that is the only way I recommend running it. But you should look at a product called Demarc the self install script will install every piece of the ids you need snort, mysql, apache with ssl simply everything. Then you get a web browse interface to it and not only that you can manage more than one snort/demarc sensor from one location which is very important when deploying IDS central management. I am not way affiliated with this product but have been so impressed by what I have seen. And if you do deicde to use snort www.securityfocus.com has a mailing list similar to this one about ALL IDS sensors. But what is most important up to date signatures are posted here right away. On the first day of bugbear virus I had a script on my sensors that showed it was traversing out network and in a matter of hours we had it cleaned up and protected from it.
-----Original Message----- From: Gragido, William [mailto:william.gragido@;ins.com] Sent: Thursday, October 17, 2002 10:04 PM To: [EMAIL PROTECTED] Subject: RE: IDS-Security [7:55780] You don't have to buy a copy of OpenBSD. Snort runs on Linux and has been ported to, you guessed it, Windoze as well. I have been working with it for quite a long time and I love it. -----Original Message----- From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com] Sent: Thursday, October 17, 2002 8:27 PM To: [EMAIL PROTECTED] Subject: RE: IDS-Security [7:55780] If you are looking for a great IDS solution take a look a snort. www.snort.org Buy a copy of OpenBSD and install snort. Snort is open source and it awesome IDS software. If it is good enough for Northcutt it is good enough for anybody.... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55869&t=55780 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
