[ALUG] Intrusion Prevention and Detection System (IPDS)

loserian saiterie lwsaiterie at yahoo.com
Fri Feb 21 12:05:28 EAT 2014


Dear Colleagues,
Thanks, and I appreciate the information.
Will embark on having SNORT.


regards

Loserian



On Friday, 21 February 2014, 11:48, Adili <amarandu at yahoo.co.uk> wrote:
 
Andreas, I like your last paragraph, by the way. SNORT is fine; it only needs time and skill to configure it. Get yourself a decent high-spec server; it will serve the purpose instead of spending $$$ on purchasing a UTM box.
 
------------------------------
Adili David Marandu





________________________________
 From: Andreas Tauscher <ta at geuka.net>
To: loserian saiterie <lwsaiterie at yahoo.com>; Linux Users in Arusha <linux at lists.habari.co.tz> 
Sent: Thursday, 20 February 2014, 16:03
Subject: Re: [ALUG] Intrusion Prevention and Detection System (IPDS)
 


> Any one who knows the supplier of IPDS (software or hardware) for network in arusha?

Experience with hardware/appliances: Most are crap. Promising things
they cannot fulfil.

First question: what kind of intrusion has to be detected, or more
exactly: What do you want to protect and why does it need protection?

If it is, for example, a web service you need and cannot replace, but
the supplier does not fix some bugs, a proxy like privoxy can help you
with filtering.

And the best IDS is useless if it is not permanently updated or nobody
is reading and understanding the reports or receiving alerts.
It has all happened: Spending thousands of dollars on snake oil hardware
and it stopped working years ago (and nobody recognized) because nobody
was clearing the alerts: Storage full. And why: The addresses and phone
numbers for alerts have been wrong.

The mentioned SNORT is fine. It works really well, but if nobody
understands how it works and what you are really looking for, it
usually ends up with a lot (all available) of rules enabled, causing
thousands of false alarms every day, so nobody is giving attention to it
any more.

You must know exactly what you are looking for.
An IDS is not a glass ball.
If you hope you buy it, switch it on and it will protect you: Better
place a cup of holy water beside the router. It will do the same job,
and the saved money you had then better invest in Nyama choma and beer.
And the prevention: It can only prevent what it knows about. But then
my question is always: Why is this not fixed in the protected software?

Andreas

_______________________________________________
The Arusha Linux User Group: http://unix.or.tz
Linux mailing list
Linux at lists.habari.co.tz
http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux

The Arusha LUG mailing list is generously hosted by Habari Node Ltd: http://www.habari.co.tz/

The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.


