[ale] Intrusion Detection. LIDS

Jonathan Rickman jonathan at xcorps.net
Mon Jul 30 17:22:53 EDT 2001


I have Snort running in a distributed environment on a 33-node (read: router)
WAN. Old 486 sits behind each router logging away. Shell script from home office
pulls the logs in to a central server every night for review in the AM. Alerts
sent to pager via SMTP. Takes a lot of work to configure, but it works really
well. There are several third-party (mostly open source) tools that will
generate reports, or you can just use a Perl script to parse the logs and dump
to HTML. Freshmeat.net is your friend. Personally, I'd stick with what you have
and run Snort on the Linux firewall, sending alerts via SMTP and logging to an
external syslog server. ISS makes pretty good stuff...don't even consider
throwing it out.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

On Mon, 30 Jul 2001 SAngell at nan.net wrote:

>
>
> Does anyone out there use Linux-based Intrusion Detection to protect their
> network? If so, what are you using and where are all the great resources? Do any
> have web management interfaces? Lastly, do they have the capability to generate
> reports? I currently have ISS RealSecure deployed along with Checkpoint FW-1
> and am in the process of adding an internal firewall running Linux and would
> like to have an internal network sensor on Linux to monitor LAN for traffic
> outside of DMZ. Current network sensor is located between firewall and router
> and with the cost of the licensing for ISS I would like another option.
>
> Steve Angell,  MCSE, CCNA
> MIS Operations Manager
> TSYS Total Debt Management
> Phone 770-409-5570
> Fax      770-416-1752
>
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
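
Added example, not part of the original post and not code from Snort or any project named above: a sketch of the nightly "parse the logs and dump to HTML" step, written in Python rather than Perl. It assumes the sensors write Snort's "fast" alert format over IPv4; the sensor names, rule messages and addresses are constructed.

```python
import html
import re
from collections import Counter

# Assumed Snort "fast" alert layout (IPv4):
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")

# Constructed sample: sensor name -> alert lines pulled from that sensor.
SAMPLE_LOGS = {
    "sensor-01": [
        "07/30-02:14:07.118332  [**] [1:1000001:1] Constructed rule: web probe [**] [Priority: 2] {TCP} 192.0.2.10:40112 -> 10.1.0.5:80",
        "07/30-02:14:09.502110  [**] [1:1000001:1] Constructed rule: web probe [**] [Priority: 2] {TCP} 192.0.2.10:40115 -> 10.1.0.5:80",
        "07/30-03:01:44.000871  [**] [1:1000002:1] Constructed rule: <script> in URI [**] [Priority: 1] {TCP} 198.51.100.7:51000 -> 10.1.0.5:80",
    ],
    "sensor-02": [
        "07/30-04:40:12.774003  [**] [1:1000003:1] Constructed rule: ping sweep [**] [Priority: 3] {ICMP} 203.0.113.9 -> 10.2.0.1",
        "07/30-04:40:13.10",  # constructed truncated line, e.g. a cut-off transfer
    ],
}

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line does not parse."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(logs):
    """Count alerts per (sensor, sid, msg, source IP); keep lines that fail to parse."""
    counts, unparsed = Counter(), []
    for sensor, lines in logs.items():
        for line in lines:
            alert = parse_alert(line)
            if alert is None:
                unparsed.append((sensor, line))
                continue
            src_ip = alert["src"].rsplit(":", 1)[0]  # drop the port if present
            counts[(sensor, alert["sid"], alert["msg"], src_ip)] += 1
    return counts, unparsed

def render_html(counts, unparsed):
    """Build the report; every log-derived field is escaped before it reaches HTML."""
    rows = "".join(
        "<tr>%s<td>%d</td></tr>\n" % ("".join("<td>%s</td>" % html.escape(f) for f in key), n)
        for key, n in counts.most_common())
    bad = "".join("<li>%s: %s</li>\n" % (html.escape(s), html.escape(l)) for s, l in unparsed)
    return ("<table>\n<tr><th>Sensor</th><th>SID</th><th>Alert</th><th>Source</th>"
            "<th>Count</th></tr>\n%s</table>\n<h2>Unparsed lines</h2>\n<ul>\n%s</ul>\n" % (rows, bad))

if __name__ == "__main__":
    print(render_html(*summarize(SAMPLE_LOGS)))
```

Lines that fail to parse are listed in the report instead of being dropped, so a sensor whose log transfer was cut short shows up in the morning review.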