Using snort to detect if your users are doing interesting things?

• Previous message (by thread): Using snort to detect if your users are doing interesting things?
• Next message (by thread): Using snort to detect if your users are doing interesting things?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> My suggestion, in the case that you'll use snort, is to do some extensive
>> testing on a non-production network.  Take the time to learn and
>> understand its functionality and intended purpose.
> Also figure out what you're going to do with the output.  Do you have 
> the resources to investigate apparent misbehavior?  Remember that any 
> IDS will have a certain false positive rate.  Even for true positives, 
> do you have the customer care resources to notify your users and (if 
> appropriate) hold their hands while they disinfect their machines.

it's  enough of a pita to clean up the syslogs from all the 25k/day
password attacjs per host, when one does not have password ssh
even enabled.

randy

• Previous message (by thread): Using snort to detect if your users are doing interesting things?
• Next message (by thread): Using snort to detect if your users are doing interesting things?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]