[ALUG] Intrusion Prevention and Detection System (IPDS)

Adili amarandu at yahoo.co.uk
Fri Feb 21 11:47:48 EAT 2014


Andreas, I like your last paragraph, by the way. SNORT is fine; it only needs time and skill to configure it. Get yourself a decent high-spec server; it will serve the purpose instead of spending $$$ on purchasing a UTM box.
 
------------------------------
Adili David Marandu

________________________________
 From: Andreas Tauscher <ta at geuka.net>
To: loserian saiterie <lwsaiterie at yahoo.com>; Linux Users in Arusha <linux at lists.habari.co.tz> 
Sent: Thursday, 20 February 2014, 16:03
Subject: Re: [ALUG] Intrusion Prevention and Detection System (IPDS)
 


> Anyone who knows the supplier of IPDS (software or hardware) for network in Arusha?

Experience with hardware/appliances: Most are crap. Promising things
they cannot fulfil.

First question: what kind of intrusion has to be detected, or more exactly:
What do you want to protect and why does it need protection?

If it is, for example, a web service you need and cannot replace, but the
supplier does not fix some bugs, a proxy like privoxy can help you with
filtering.

And the best IDS is useless if it is not permanently updated or nobody is
reading and understanding the reports or receiving alerts.
All of this has happened: Spending thousands of dollars on snake-oil hardware, and it
stopped working years ago (and nobody recognized) because nobody was
clearing the alerts: Storage full. And why: The addresses and phone
numbers for alerts were wrong.

The mentioned SNORT is fine. It works really well, but if nobody
understands how it works and what you are really looking for, it
usually ends up with a lot (all available) of rules enabled, causing
thousands of false alarms every day, so nobody pays attention to it
any more.

You must know exactly what you are looking for.
An IDS is not a glass ball.
If you hope you buy it, switch it on and it will protect you: Better
place a cup of holy water beside the router. It will do the same job, and
the money saved you had better invest in nyama choma and beer.
And the prevention: It can only prevent what it knows about. But then
my question is always: Why is this not fixed in the protected software?

Andreas

_______________________________________________
The Arusha Linux User Group: http://unix.or.tz
Linux mailing list
Linux at lists.habari.co.tz
http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux

The Arusha LUG mailing list is generously hosted by Habari Node Ltd: http://www.habari.co.tz/

The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.