
List:       jaxlug-list
Subject:    Re:[JaxLUG] Off Topic - Intrusion Detection
From:       Shabbir Bashir <shabbirbashir1 () yahoo ! com>
Date:       2003-10-20 12:42:54

Sorry for the late reply as I was attending SANS Track
3 in NC. After attending that week-long course in
Intrusion detection technology, I strongly feel that
it is a job for a full-time analyst to maintain and
fine-tune the IDS (sensors and console), as well as
keep up with incidents.org on detecting new trends and
patterns.
Unless you have a dedicated person/s to do all that,
you would be spreading yourself pretty thin.
I met someone from lurhq at the conference and
discussed managed security providers in detail. In
short, MSPs usually place an IDS sensor or two on
your network, which connects to their management
console via a dedicated link; the sensors are configured
remotely to raise alarms on new attack patterns.
Detecting false positives and false negatives becomes
their responsibility, freeing you from
a) writing or managing an app that sorts through tons
of logs (idabench, shadow, etc.)
b) dedicating a person to do the above.

We can talk more about it at the meeting.
Just my two cents.
Shabbir



--- Kevin Castle <kevin@abunchofidiots.com> wrote:
I am looking at purchasing some more intrusion detection hardware for
work. My other thought was to hire a company to provide the service
instead of purchasing the hardware and having to maintain it myself.
Any thoughts or recommendations?

Thanks,

Kevin


