When Snort is Not Enough
LinuxSecurity.com: Once alert generation (intrusion detection) mode is enabled, the matter becomes complicated. Snort is no longer rendering or logging -- it has become a Traffic Intelligence System (TIS), as described in the last Snort Report. A TIS is valuable if it's trusted. Trust comes from being able to understand how a tool came to a certain conclusion. For example, if Snort reports seeing Attack X, you want to know how Snort made that judgment.

This article brings up some good points about intrusion detection. What do you feel is the state of intrusion detection software like Snort? Are they effective enough to implement on your network?

Original Source: http://www.linuxsecurity.com/content/view/138359?rdf

Tags: snort