[Snort-users] how to acquire best setting of snort rules?
jesler at ...1935...
Sun Apr 17 09:34:15 EDT 2011
On Apr 16, 2011, at 9:34 AM, "M.Turner Turner" <msbzag at ...11827...> wrote:
> how to acquire best setting of snort rules?
> can i change the action of all rules to reject, to achive the best security?
You can, I don't think I'd recommend that. You'd reject legitimate traffic as well as harmful. I'd also recommend "drop" instead of reject.
> can i enable all rules , to achive the best security?
You can, but performance on the sensor would be hurt, and you'd have to deal with a very large alert rate.
You should try a Snort install and give it a shot.
More information about the Snort-users