snort

Discussion in 'Computer Security' started by Dan, Jan 7, 2004.

  1. Dan

    Dan Guest

    Is it worth paying $10,000 for source fire to make using SNORT easier?
    Does using source fire with SNORT make SNORT a middle weight IDS solution as
    opposed to a lightweight?

    http://www.insecure.org/tools2000.html

    _Or_ is it worth the time and energy to write your own scripts and updates.
     
    Dan, Jan 7, 2004
    #1

  2. "Dan" <> wrote in message
    news:...
    > Is it worth paying $10,000 for source fire to make using SNORT easier?
    > Does using source fire with SNORT make SNORT a middle weight IDS solution as
    > opposed to a lightweight?
    >
    > http://www.insecure.org/tools2000.html
    >
    > _Or_ is it worth the time and energy to write your own scripts and updates.

    IMHO. Let's say that again: "IMHO"

    Any IDS tool (or something that acts as an IDS tool) is only useful if
    someone can act on the results.

    Not sure where $10k came from..? It's an interesting interface to LibPCap,
    isn't it? Just like Ethereal? Are you looking at buying-in a monitoring
    service, or deploying something yourself? Did I miss something about
    Commercial licensing?

    Please point out where the shoe's going to drop.. ;o)

    H1K
     
    Hairy One Kenobi, Jan 8, 2004
    #2

  3. "Dan" <> wrote in message
    news:...
    > Is it worth paying $10,000 for source fire to make using SNORT easier?
    > Does using source fire with SNORT make SNORT a middle weight IDS solution as
    > opposed to a lightweight?
    >
    > http://www.insecure.org/tools2000.html
    >
    > _Or_ is it worth the time and energy to write your own scripts and updates.

    No! A friend of mine bought a Sourcefire box for their school. The thing was a
    waste of money. They had to send it back at least two times for repairs. It
    never worked properly.

    If you're going to use Snort, just save your money and build your own
    system. Or use a different IDS entirely.

    Alex
     
    Alexander Delarge, Jan 8, 2004
    #3
  4. In article <>, bitsandbytes88@hotmail.com says...
    > Is it worth paying $10,000 for source fire to make using SNORT easier?
    > Does using source fire with SNORT make SNORT a middle weight IDS solution as
    > opposed to a lightweight?
    >
    > http://www.insecure.org/tools2000.html
    >
    > _Or_ is it worth the time and energy to write your own scripts and updates.
    >


    Set up Snort to log to MySQL, then front-end it with ACID. If you need
    help with the setup, there are half a dozen open source front ends to
    help. If you are willing to put in the config time, you can build a
    very nice solution from Snort with remote probes at all ingress and
    egress points centrally logging with a nice web interface for analyzation
    of results, all from freely available software. I've done such for a
    number of larger companies with excellent results. Spend the money on
    hardware.

    /steve
    --
    You simply cannot get more server side control of
    your e-mail without running your own mail server and
    knowing how to program.
    http://www.cotse.net/privacyservice.html
     
    Stephen K. Gielda, Jan 8, 2004
    #4
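The layout described in post #4 (several sensors, one central SQL store, a summary view on top), as an added example that is not part of the thread and is not Snort's or ACID's own code. It assumes alerts in Snort's "fast" text format; the sensor names, signature IDs, table layout and alert lines are constructed, and SQLite stands in for MySQL so it runs offline.

```python
import re
import sqlite3

# Constructed alerts in Snort's "fast" alert format, keyed by hypothetical sensor name.
SAMPLE = {
    "ingress-1": [
        "01/08-10:15:02.123456  [**] [1:1000001:1] Constructed web probe [**] "
        "[Classification: Attempted Information Leak] [Priority: 2] "
        "{TCP} 203.0.113.7:40112 -> 192.0.2.10:80",
        "truncated line that is not an alert",
    ],
    "egress-1": [
        "01/08-10:16:40.000001  [**] [1:1000002:1] Constructed ICMP sweep [**] "
        "[Priority: 3] {ICMP} 192.0.2.44 -> 198.51.100.9",
        "01/08-10:17:11.000002  [**] [1:1000001:1] Constructed web probe [**] "
        "[Priority: 2] {TCP} 192.0.2.44:51000 -> 198.51.100.9:80",
    ],
}

FAST = re.compile(  # classification is optional; ICMP alerts carry no ports
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: [^\]]*\]\s+)?\[Priority: (?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def load(db, alerts_by_sensor):
    """Store parsed alerts centrally; return how many lines failed to parse."""
    db.execute("CREATE TABLE IF NOT EXISTS event (sensor TEXT, ts TEXT, sid INTEGER,"
               " msg TEXT, prio INTEGER, proto TEXT, src TEXT, dst TEXT)")
    rejected = 0
    for sensor, lines in alerts_by_sensor.items():
        for line in lines:
            m = FAST.match(line.strip())
            if m is None:
                rejected += 1  # count it rather than dropping it silently
                continue
            db.execute("INSERT INTO event VALUES (?,?,?,?,?,?,?,?)",
                       (sensor, m["ts"], int(m["sid"]), m["msg"], int(m["prio"]),
                        m["proto"], m["src"], m["dst"]))
    return rejected

def top_signatures(db):
    """Rows of (sid, msg, hits, sensors that saw it), busiest signature first."""
    return db.execute("SELECT sid, msg, COUNT(*), COUNT(DISTINCT sensor) FROM event"
                      " GROUP BY sid, msg ORDER BY COUNT(*) DESC, sid").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # SQLite stands in for the central MySQL server
    print("rejected:", load(db, SAMPLE), top_signatures(db))
```

The rejected-line count is worth watching on a real deployment: a sensor whose log lines stop parsing looks, in the summary view, exactly like a quiet network segment.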
  5. Dan

    John Guest

    On Wed, 07 Jan 2004 09:39:19 -0500, Dan wrote:

    > Is it worth paying $10,000 for source fire to make using SNORT easier?
    > Does using source fire with SNORT make SNORT a middle weight IDS solution as
    > opposed to a lightweight?
    >
    > http://www.insecure.org/tools2000.html
    >
    > _Or_ is it worth the time and energy to write your own scripts and updates.



    You may be confused about "lightweight IDS". The term refers to the
    adaptability/flexibility of the program, not its capability.

    In other words, Snort runs on multiple platforms, is relatively easy to
    set up and doesn't require lots of power from the host system.

    Can't speak for the price you quote but Sourcefire sells hardware
    solutions using Snort plus technical support. You can roll your own rather
    easily if you have someone available with good network/security skills.
    Updated signatures are available from a variety of sources; you can also
    create or modify existing signatures, unlike many proprietary IDS systems.
     
    John, Jan 8, 2004
    #5