[Snort-users] IDS / IPS Bake time
peter.bates at ...15381...
Thu Sep 13 11:03:13 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 13/09/2012 14:49, Turnbough, Bradley E. wrote:
> Is it common practice to implement Snort as an IDS first and let it
> bake for a while before it gets 'upgraded' to an IPS?
That would make some sort of sense if you're acquainting yourself with
Snort and/or the idea of an IDS/IPS and looking to baseline the activity.
At the end of the day I would say the choice between IDS/IPS is all
about the architecture of your network - in some cases where the
slightest FP or outage is damaging to your business then you're not
going to run an IPS.
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the Snort-users