[Snort-users] IDS / IPS Bake time

Peter Bates peter.bates at ...15381...
Thu Sep 13 11:03:13 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 13/09/2012 14:49, Turnbough, Bradley E. wrote:
> Is it common practice to implement Snort as an IDS first and let it
> bake for a while before it gets 'upgraded' to an IPS?

That would make some sort of sense if you're acquainting yourself with
Snort and/or the idea of an IDS/IPS and looking to baseline the activity.

At the end of the day I would say the choice between IDS/IPS is all
about the architecture of your network - in some cases where the
slightest FP or outage is damaging to your business then you're not
going to run an IPS.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQUfWxAAoJELhVoVpEMS6R9EIH/jXSrirBs2h8Lf4UMFhNC3XN
KXiPxRyttBRc+CdUwoQmEXw6fLVzUeyQJH+ycpwYmSfL/2Mk5MAggYgn3RCSau0b
ZssQZl6qUDAzNA17rtwO5+So6PTlyisizy1qq2kgF1ew9iw8xn5lkGmmWbCAMerw
qxCb+b3quh4hBOSzTBXCAWDLrDxbfe1xCnSU8yLE79SSy1xuGsVlZb49JZy5KJLU
9n5x37HkJX1KxkRaMCQq4Paasc5UgvUu8+70jXBcv9Hq1XtVWfMkPRSpm7jMcRWv
YxdDjwBFLWwsia1wNhRJ6E5i/qhCxlNUGznUzmX7eiCtkN8Zud/HZCAzRlmD/yg=
=1sD2
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list