[ALUG] Intrusion Prevention and Detection System (IPDS)
Andreas Tauscher
ta at geuka.net
Fri Feb 21 17:57:13 EAT 2014
> Dear Colleagues
> thanks and appreciate for the information.
> Will embark on having the SNORT.
Fine!
A really powerful and flexible tool.
Best snort is running as a man in the middle. Or if you have a switch
with management options connecting SNORT to a port configured as
monitor. But don't forget: The monitoring port must have at least the
double bandwidth of the ports monitored.
The reports are bes generated on a separate machine.
It depends which bandwidth you have to monitor.
Then have a look at the SNORT homepage at http://snort.org to find a
tool bringing the logs/database record snort is generating in to a easy
readable format.
Andreas
More information about the Linux
mailing list