[Snort-users] re: Professionalism

Joe Pampel joe at ...3851...
Wed Nov 14 06:56:16 EST 2001

couple things from an ex-suit (who gets to dress casual these days. Joy.)

<self-indulgent rambling>
1. Snort has made it *possible* for me to include IDS in my IT budget. I "discovered" Snort at our firm,  and then architected and implimented a multi-sensor IDS system using machines we were taking out of service because I felt we needed to get on top of our security infrastructure by any means available. No one else much cared so I had to do it on the cheap. I put up an Apache web server with MySQL/ACID and bingo - I'm a hero (additional thanks goes to Michael Steele and the good folks at SD for their windoze 'how-to's' !!)  Thank you to all the developers, writers, etc that made this possible!!! It's amazing. And within a week of deployment it had already saved us from all sorts of things, in addition to helping us find mis-configured workstations and routers on our own LAN. I show it to every consultant or industry peer who comes to see our IT set up. Everyone has been very impressed with Snort. I hope they all roll it out in their shops. I think they're crazy if they don't. 

2.  FWIW I am mgt here (I have seen the enemy, and he is me!), only report to 2 people in the whole joint, and frankly with the kinds of things I've seen in CSS (OTS & custom) programs (ex: an operating error message in a 6-figure piece of software called "error: bong!" which as it turns out was completely undocumented...) leads me to feel that some funky potentially off color ref deep in some dusty config file of an OSS program doesn't mean a thing to me. MOF my install of Snort (just re-vamped it a couple weeks ago) does not have this ref at all.  No one else here knows what Snort is, or what it does for the most part, and no one else configures it. While it does not bother me I also have to concur that as a general rule I think OSS could do without this kind of thing..  Code walk throughs and configuration tasks are often (I imagine) the first impression many get of OSS software and so I would trust that the tradition of careful commenting etc continues. I would like to see OSS gain wider acceptance, not to overthrow any other firm or whatever but simply bc I feel the model lends itself to potentially *better* applications, faster bug fixes and a safer environment as admins can view the code and know what it running on their machines. I find great security & value in that. We are going to roll out more Linux machines here as a result of all this, and bc it will double the lifespan of our workstations and servers.. talk about a cost savings.. but anyhow - 

3. I just want to close by saying I am *very* thankfull for OSS (esp Snort!), and the good folks who put so much hard work into it for the benefit of others.  I can only pity an organization which would write-off a truly outstanding app like Snort for one little dumb comment in a file somewhere buried where no one will likely ever see it.  That is myopic to the extreme and is truly throwing out the baby IMHO. Do you really think that the CSS apps are devoid of any odd comments or inside jokes within their code? Not that it makes it right, just saying it is everywhere and IMHO just a reflection of the long hours and stress that programmers/coders endure to bring these things to life. They're human beings after all. As for an organization that would terminate for such an "offense", I would never work for one. I find that sort of policy offensive not to mention oppressive.
</self-indulgent rambling>

Just my opinion, and worth what you paid for it. Hope I did not waste too much BW on my soap box.


Joe Pampel

More information about the Snort-users mailing list