[Snort-users] *very* many snort installations..

Jason Haar Jason.Haar at ...294...
Wed Nov 26 15:02:05 EST 2003

On Thu, 2003-11-27 at 04:46, Michael Steele wrote:
> The solution is not to install Snort on every workstation.

Strange - companies like Symantec would disagree with you. They
certainly think there's a future in host-based IDS.

Of course, the IDS is easy - it's the centralised management that's
hard... How you handle 10,000 hosts all sending 100 alerts/sec to your
central console when SLAMMER-IV hits one machine is beyond me ;-)

[to be fair, I'm confusing centralised management with centralised
logging here]


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the Snort-users mailing list