[Snort-users] Getting more paranoid by the minute. :-/

Shaun T. Erickson ste at ...11690...
Sat Apr 24 18:36:03 EDT 2004

As I mentioned in an earlier post, I've been hired to set up several 
snort servers for a client. It's important that I do it right, or their 
customer's sensitive data will be compromised.

The more I read Syngress Snort 2.0 book (I'm in chapter 5), the more I 
understand that there are an endless number of attacks out there. I'm 
concerned that my lack of knowledge will let an attacker at the data. I 
can't let that happen.

How can I possibly learn enough, quickly enough, to write all the rules 
to protect my client, when I don't even know all the attacks and 
exploits that are out there?

I understand that snort comes with a standard set of rules, that I can 
update off the net, to stay current. Is this standard set of rules going 
to be enough to protect my client, initially, as I continue to learn snort?

I'm trying to absorb as much as I can, as fast as I can, but they need 
this installed NOW, and I'm just concerned that my ignorance, as I come 
up to speed, not cost them everything.

Advice? Suggestions? Valium? Please.


More information about the Snort-users mailing list