[Snort-users] re: Professionalism

James Fowler santiago at ...3498...
Thu Nov 15 20:03:02 EST 2001


On Thu, 15 Nov 2001, Scott Pham wrote:

> I couldn't have said it better :)) Well put !!
> --Scott
> -----Original Message-----
> From: Joe Pampel [mailto:joe at ...3851...]
> Sent: Wednesday, November 14, 2001 9:55 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] re: Professionalism
> couple things from an ex-suit (who gets to dress casual these days.
> Joy.)
> <self-indulgent rambling>
> 1. Snort has made it *possible* for me to include IDS in my IT budget. I
> "discovered" Snort at our firm,  and then architected and implimented a
> multi-sensor IDS system using machines we were taking out of service
> because I felt we needed to get on top of our security infrastructure by
> any means available. No one else much cared so I had to do it on the
> cheap. I put up an Apache web server with MySQL/ACID and bingo - I'm a
> hero (additional thanks goes to Michael Steele and the good folks at SD
> for their windoze 'how-to's' !!)  Thank you to all the developers,
> writers, etc that made this possible!!! It's amazing. And within a week
> of deployment it had already saved us from all sorts of things, in
> addition to helping us find mis-configured workstations and routers on
> our own LAN. I show it to every consultant or industry peer who comes to
> see our IT set up. Everyone has been very impressed with Snort. I hope
> they all roll it out in their shops. I think they're crazy if they
> don't. 
> 2.  FWIW I am mgt here (I have seen the enemy, and he is me!), only
> report to 2 people in the whole joint, and frankly with the kinds of
> things I've seen in CSS (OTS & custom) programs (ex: an operating error
> message in a 6-figure piece of software called "error: bong!" which as
> it turns out was completely undocumented...) leads me to feel that some
> funky potentially off color ref deep in some dusty config file of an OSS
> program doesn't mean a thing to me. MOF my install of Snort (just
> re-vamped it a couple weeks ago) does not have this ref at all.  No one
> else here knows what Snort is, or what it does for the most part, and no
> one else configures it. While it does not bother me I also have to
> concur that as a general rule I think OSS could do without this kind of
> thing..  Code walk throughs and configuration tasks are often (I
> imagine) the first impression many get of OSS software and so I would
> trust that the tradition of careful commenting etc continues. I would
> like to see OSS gain wider acceptance, not to overthrow any other firm
> or whatever but simply bc I feel the model lends itself to potentially
> *better* applications, faster bug fixes and a safer environment as
> admins can view the code and know what it running on their machines. I
> find great security & value in that. We are going to roll out more Linux
> machines here as a result of all this, and bc it will double the
> lifespan of our workstations and servers.. talk about a cost savings..
> but anyhow - 
> 3. I just want to close by saying I am *very* thankfull for OSS (esp
> Snort!), and the good folks who put so much hard work into it for the
> benefit of others.  I can only pity an organization which would
> write-off a truly outstanding app like Snort for one little dumb comment
> in a file somewhere buried where no one will likely ever see it.  That
> is myopic to the extreme and is truly throwing out the baby IMHO. Do you
> really think that the CSS apps are devoid of any odd comments or inside
> jokes within their code? Not that it makes it right, just saying it is
> everywhere and IMHO just a reflection of the long hours and stress that
> programmers/coders endure to bring these things to life. They're human
> beings after all. As for an organization that would terminate for such
> an "offense", I would never work for one. I find that sort of policy
> offensive not to mention oppressive.
> </self-indulgent rambling>
> Just my opinion, and worth what you paid for it. Hope I did not waste
> too much BW on my soap box.
> Cheers,
> Joe Pampel
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list

James Fowler
Technology & Education					
jamesf at ...3499...						ICQ: 22088266

More information about the Snort-users mailing list