Hi,

It is the same for me. I need to plan and deploy an IPS/IDS system for our hub-spoke sites. But I think I may not spend any time with a self-installed free product till I set up the basic things required for an IPS:

- Event correlation
- Alert setup
- Some/default reports
- Automatic updates (1. signature database updates, 2. OS updates)
- Secured/task-specific OS (only required packages should be installed)
- Manageability (for example GUI, user management)
- Predefined backup and restore functions
- Automatic log archiving (the space is always little)
- High availability, if required
- ...

In your case as well, I think it is too much expectation from a security engineer without experience, or the impact of using an IPS seems to be low (it is definitely not business critical). Huh, that sounds a little bit negative, but I want to help! :-)

I am in the same situation, as I mentioned. There should be, near your site, a company with IT security services. What I plan for my company (as I did that once) is that I will ask for trial products and some introduction with an allocated engineer for a day. As I experienced, such companies can give you the box (Cisco IPS, Checkpoint, Juniper, Sourcefire, whatever box) for a couple of days if they feel the smell of business :-). Whatever they feel, it is like a car: if you don't like it, you will leave it.

So first of all, think it over what you need in future and what you have to monitor:

- Topology of your company
- Bandwidth of the sites
- Do you have sensitive hosts or servers on all sites?
- Do you have sensitive applications on all sites?
- How many internet gateways do you have? Do you have them on all sites?
- etc...

Hope you can find something useful in my answer. If not, maybe these can help to start your journey in the world of Snort:
http://www.vmware.com/appliances/directory/185
http://www.vmware.com/appliances/directory/1310

Cheers,
Akos

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Joel Esler
Sent: Monday, 25 May 2009 21:57
To: ubernewbie
Cc: [email protected]
Subject: Re: Need help/info

I might suggest the Snort mailing lists, available via Snort.org.
I might also suggest the forums, available at Snort.org.
Furthermore, I might also suggest the IRC channel on irc.freenode.net in #snort.

J

On Wed, May 20, 2009 at 6:25 PM, ubernewbie <[email protected]> wrote:
>
> I work for a small company with a hub/spoke network. I've been tasked with
> setting up an IDS (Snort) to begin monitoring security related events and
> basically build out a security program/infrastructure. Do any of you have
> any good sites/forums that go into the process of intrusion detection? I can
> get the alerts from Snort but there are so many that it's hard to make
> heads or tails. I'm looking for ideas on what to look for and what to pay
> specific attention to. Also any good websites that alert/explain new
> vulnerabilities would be great. Any help would be appreciated.
> --
> View this message in context:
> http://www.nabble.com/Need-help-info-tp23644667p23644667.html
> Sent from the IDS (Intrusion Detection System) mailing list archive at
> Nabble.com.
>

--
joel esler | Sourcefire
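The original question (too many Snort alerts to make heads or tails of) and Akos's "event correlation" requirement both come down to the same first step: group the raw alert stream by signature and by how many hosts are involved, so the analyst sees a short prioritised list instead of thousands of lines. The script below is an added example written for this thread, not code from any of the posters or from the Snort project. It parses Snort's `alert_fast` output format; the alert lines embedded in it are constructed for illustration (signature IDs 1000001-1000003 are the local-rule range, not real community rules), and it assumes IPv4 addresses so that the trailing `:port` can be stripped cleanly.

```python
"""Triage Snort alert_fast output by grouping alerts per signature.

The sample alert lines are constructed for this example and do not come
from any real sensor.
"""
import re
from collections import defaultdict

# Snort alert_fast line layout. The Classification block is optional in
# real output (rules without a classtype omit it), so the regex allows that.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample input: three signatures, one non-alert line mixed in.
SAMPLE_ALERTS = """\
05/20-18:25:01.100000  [**] [1:1000001:1] CONSTRUCTED Web server probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:80
05/20-18:25:02.200000  [**] [1:1000001:1] CONSTRUCTED Web server probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44322 -> 192.168.1.10:80
05/20-18:25:03.300000  [**] [1:1000001:1] CONSTRUCTED Web server probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.6:51000 -> 192.168.1.10:80
05/20-18:25:04.400000  [**] [1:1000002:1] CONSTRUCTED Admin login from branch [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.7:60001 -> 192.168.1.20:22
05/20-18:25:05.500000  [**] [1:1000003:1] CONSTRUCTED ICMP sweep [**] [Priority: 3] {ICMP} 10.0.0.8 -> 192.168.1.30
05/20-18:25:06.600000  [**] [1:1000003:1] CONSTRUCTED ICMP sweep [**] [Priority: 3] {ICMP} 10.0.0.8 -> 192.168.1.31
this line is not a snort alert and must be counted as skipped
"""


def _host(endpoint):
    """Drop the ':port' suffix of an IPv4 endpoint (ICMP lines have none)."""
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast alert."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    # Count hosts rather than individual connections
    alert["src_host"] = _host(alert["src"])
    alert["dst_host"] = _host(alert["dst"])
    return alert


def summarize(lines):
    """Group alerts by signature and return (rows, skipped).

    rows are sorted by Snort priority (1 = most severe) and then by volume;
    skipped counts non-empty lines that did not parse, so nothing is dropped
    silently.
    """
    groups = defaultdict(lambda: {"count": 0, "src": set(), "dst": set()})
    skipped = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            if line.strip():
                skipped += 1
            continue
        key = (alert["prio"], alert["gid"], alert["sid"], alert["msg"])
        group = groups[key]
        group["count"] += 1
        group["src"].add(alert["src_host"])
        group["dst"].add(alert["dst_host"])
    rows = [
        {
            "priority": prio,
            "sid": f"{gid}:{sid}",
            "msg": msg,
            "count": g["count"],
            "sources": len(g["src"]),
            "targets": len(g["dst"]),
        }
        for (prio, gid, sid, msg), g in groups.items()
    ]
    rows.sort(key=lambda r: (r["priority"], -r["count"]))
    return rows, skipped


if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_ALERTS.splitlines())
    print(f"{'prio':>4} {'count':>5} {'srcs':>4} {'dsts':>4}  {'sid':<10} msg")
    for r in rows:
        print(f"{r['priority']:>4} {r['count']:>5} {r['sources']:>4} "
              f"{r['targets']:>4}  {r['sid']:<10} {r['msg']}")
    print(f"skipped {skipped} unparseable line(s)")
```

Run against a real sensor with `python3 triage.py < /var/log/snort/alert` after replacing the embedded sample with `sys.stdin`; the "sources" and "targets" columns are what make the table useful, since one signature firing from many sources against one host reads very differently from one source touching many hosts, even when the raw counts are identical.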
