From: robert_david_graham (robert_david_grahamyahoo.com)
Date: Wed Jan 09 2002 - 18:34:13 CST

    BlackICE Guard does this.
    Hogwash does it for Snort.

    You have to consider the possibility of false-positives introducing problems
    on the connection. The "Guard" product (from my company) contains a tuned
    policy for this. There are tuned signature sets by people who use Hogwash.

    > -----Original Message-----
    > From: Mike Hrubes [mailto:MHrubeswizmo.com]
    > Sent: Wednesday, January 09, 2002 12:30 PM
    > To: FOCUS-IDSSECURITYFOCUS.COM
    > Subject: Newbie IDS questions
    >
    >
    > Hi all,
    >
    > I'm new to the IDS world. I understand what an IDS does, and why you
    > need it, but I have some questions on the technical aspect of IDS. We
    > are planning on implementing an IDS in the near future. The idea that
    > has been proposed is to put the IDS in the path between connections,
    > rather than connected in promiscuous mode. The reason they want to do
    > this is so they can also run blocking software, like portsentry, to
    > block unwanted scans, etc.
    >
    > Is this even possible to do? The idea is to use a linux server running
    > snort. This box would have two interfaces to route the traffic through
    > it, scanning the signatures at the same time.
    >
    > Possible/not possible? If possible, good idea/bad idea? Opinions in
    > general?
    >
    > Thanks in advance,
    >
    > Mike Hrubes