>From the host end, I've found OSSEC to be very useful. It takes a little >tuning (as do most of these solutions) but I've found it does a great job. I've actually got it running on my own VPS too.
On Fri, Feb 28, 2014 at 12:28:34PM -0500, Matt Disney wrote: > There are a variety of factors here. I assume you mean a network-based > IDS, rather than host-based, and that you want to do packet inspection. > > Snort, suricata, and bro are popular open source options. I recommend > subscribing to some kind of threat feed to get new IDS rules from a vendor > or community. I'm not sure what's available for suricata or bro but for > Snort you could get the emergingthreats feed or pay for the VRT from > Sourcefire/Cisco (the corporate ummm sponsor of Snort). > > If you want high performance, say 10Gb, then your needs are sorta special. > > I've liked the scenario of deploying both snort with a threat feed and bro > as complementary. I haven't played with suricata. > > Is this the kind of thing you have in mind? If you have a big budget there > are also commercial options we could discuss. > Matt > > On Fri, Feb 28, 2014 at 11:25 AM, Ali Sajid Imami > <ali.sajid.im...@gmail.com> wrote: > > At work, we have been tasked with setting us up for various security > certifications. one step is putting a good IDS in place. I was wondering > if people here had any good recommendations? > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
