lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Dec  9 17:13:43 2005
From: measl at mfn.org (J.A. Terranson)
Subject: Snort as IDS/IPS in mission-critical enterprise
	network


On Fri, 9 Dec 2005, Native.Code wrote:

> Is Snort enterprise ready where it can be deployed to monitor
> mission-critical network?

Yes.  It is, and has been for some time.

> If any of you can name any big network which is using Snort as an example,
> it will be very helpful.

Because of NDA, I cannot *name* the network where I was a part of the team
installing and maintainting SNORT on a large network, but I can tell you
that this network is one of the top tier-1 NSPs.  I can tell you that
SNORT is the sole such product chosen for this purpose, and that it works
better than we could have possibly hoped for.  last I looked, SNORT was
being used on circuits as large as OC12s.

The problem isn't going to be your sensor (SNORT et al), but your back end
software - *that* part is a bitch!


-- 
Yours,

J.A. Terranson
sysadmin@....org
0xBD4A95BF


I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ