gbinder at ...462...
Fri Oct 27 11:18:38 EDT 2000
Andrea Barisani on Fri, Oct 27, 2000 at 01:08:15PM +0200:
> I think that it would be nice writing a general IDS-HOWTO, defining common
> intrusion detection system installation and configuration but also general
> policies and actions to take against an intrusion, rules for
> interpretation of log files and packet dump, hints for avoiding false
> alerts, other general procedures for maintenance and so on...

The things you mention are enough to fill a book if you want to do
more than scratch the surface of each topic. In fact, they have
already filled a book (Stephen Northcutt, Network Intrusion Detection,
An Analyst's Handbook) that I can recommend if you are looking for
Don't expect to find installation instructions for specific products;
this in turn is what I would think a HOWTO is for. Even though I don't
find snort particularly hard to deploy and the documentation that
comes with it is fairly good in that respect.
Don't let that stop you though .. :)
Gregor Binder <gbinder at ...462...> http://www.sysfive.com/~gbinder/
sysfive.com GmbH UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482