[oclug] snort and IDS stuff
tcurtis at somaradio.ca
Thu Jun 26 16:15:21 EDT 2003
On Thu, Jun 26, 2003 at 07:13:35AM -0400, Bill Strosberg offered:
> Hi Bruce!
> IDS boxes are usually located either outside the firewall and/or inside
> the firewall - they are not generally installed on the firewall. AN IDS
> in and of itself does not provide any protection - rather it provides a
> warning of attacks in progress or a log of attcks that have taken place.
I've seen people suggest putting something like Portsentry, or Snort on
a firewall. I thought the idea behind that was to catch anything that
got through the "firewall rules", and alter the admin(s). Is this not
such a great idea?
Trevor Curtis <tcurtis at somaradio.ca>
"It don't mean a thing if it ain't got that swing"
More information about the OCLUG