On 11 July 2013 at 9:23 PM, "Chris Cappuccio" <ch...@nmedia.net> wrote:
>>
>> Anybody have any thoughts on Snort vs Suricata?
>
> Code quality is going to be a big question with the new one, as it
> always has been with Snort (does running this utility open up a
> new attack vector on your network?)

Yeah, good point.

>> Also, how important is it to use an IDS if you run a server that
>> hosts a popular website?
>
> Depends on how well you configure the IDS and how well you monitor
> it (and if you know what to even look for...)

Maybe Snorby can help with that? https://github.com/Snorby/snorby

>> I'm reading here (http://www.aldeid.com/wiki/Suricata-vs-snort):
>> Suricata offers new features that Snort could implement in the
>> future: multi-threading support, capture accelerators [...snip...]
>> One advantage Suricata has is its ability to understand level 7 of
>> the OSI model, which enhances its ability to detect malware.
>> Suricata has demonstrated that it is far more efficient than Snort
>> for detecting malware, viruses and shellcode.
>
> Snort is different, I don't see why you expect that it will
> suddenly become equivalent.

Both are supposed to help you detect intrusions, so in that sense I guess they're the same?

> For high-speed capture and analysis, a dedicated box with netmap
> is much better for tools like this. I think I should finish the
> port that I was working on :)

Which one, /usr/ports/security/suricata?

O.D.