[Snort-users] Getting more paranoid by the minute. :-/

Shaun T. Erickson ste at ...11690...
Sat Apr 24 20:46:03 EDT 2004

Romulo M. Cholewa wrote:

> I would like to suggest that you look at the security as a process, not
> as a bunch of tools.

I will do my best to view it that way. Thanks. :)

> If you were hired to employ *only* snort sensors, you can't think that
> only the sensors will keep the potential risk out of the network. It
> will only warn you, if properly configured, when someone attempts to
> brake in. Concerning to deploying an IDS, keep in mind that reducing the
> number of false alerts is a nice goal to pursue.


> Also, try to work as close as possible to the guys doing the system
> hardening and implementation. They can tell you what are their goals, so
> you can screen the snort setup better.

It seems that *I'm* supposed to do the hardening, and so on: turning off 
unneeded services on all their servers, and otherwise locking them down, 
host-based firewalls, tripwire, running nessus to see if I overlooked 
anything. The only goal I've been given is to do it all as fast as 
possible, so that their customer's data will be protected and they can 
go live with their product.

I will do my best to ensure everything is secure, and to educate them 
that nothing is ever really secure, while keeping in mind everything you 
and the others have said. I really appreciate the advice, everyone. I'm 
a sponge, trying to soak up an ocean. :)


More information about the Snort-users mailing list