Message-ID: <200509280931.j8S9ViaM028835@turing-police.cc.vt.edu>
Date: Wed Sep 28 10:31:57 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Suggestion for IDS
On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:
> Our company plans to install an IDS to protect our resources. I've already read
> about Snort as a NIDS, but that's software-based. I'm interested in a
> hardware-based one that will work transparently with our Cisco PIX, with no need to
> make changes in our firewall. What's your suggestion?
Step 1: Learn that there are no *true* hardware-based solutions here. What you're
really buying is a box with a CPU, some memory, a network interface or three,
and some software. Many "hardware" IDSes are in fact just Snort-in-a-box, or
optimized-Snort-in-a-box. Others will be some other "software in a box".
To understand why, consider why you can't get a high-speed line card from Cisco
(which *are* lots of black-magic ASIC hardware) to do any significant filtering
to the level that Snort inspects packets....
Step 2: An IDS doesn't *protect* your resources, any more than a concealed
video surveillance camera protects anything. It may tell you who did it, and
what they did, *after the fact*, but it won't *protect* you. (At least a
*visible* video cam might make the malefactor think twice - but who *ever*
has an IDS that's as visible as (say) the video cameras in a bank lobby??) :)