I’m currently testing out and so far happy with JumpCloud.com for a host based IDS (as well as auth and patch monitoring).
cjs On Feb 28, 2014, at 11:44 AM, Paul Graydon <[email protected]> wrote: > From the host end, I've found OSSEC to be very useful. It takes a little > tuning (as do most of these solutions) > but I've found it does a great job. I've actually got it running on my own > VPS too. > > On Fri, Feb 28, 2014 at 12:28:34PM -0500, Matt Disney wrote: >> There are a variety of factors here. I assume you mean a network-based >> IDS, rather than host-based, and that you want to do packet inspection. >> >> Snort, suricata, and bro are popular open source options. I recommend >> subscribing to some kind of threat feed to get new IDS rules from a vendor >> or community. I'm not sure what's available for suricata or bro but for >> Snort you could get the emergingthreats feed or pay for the VRT from >> Sourcefire/Cisco (the corporate ummm sponsor of Snort). >> >> If you want high performance, say 10Gb, then your needs are sorta special. >> >> I've liked the scenario of deploying both snort with a threat feed and bro >> as complementary. I haven't played with suricata. >> >> Is this the kind of thing you have in mind? If you have a big budget there >> are also commercial options we could discuss. >> Matt >> >> On Fri, Feb 28, 2014 at 11:25 AM, Ali Sajid Imami >> <[email protected]> wrote: >> >> At work, we have been tasked with setting us up for various security >> certifications. one step is putting a good IDS in place. I was wondering >> if people here had any good recommendations? >> _______________________________________________ >> Tech mailing list >> [email protected] >> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ > >> _______________________________________________ >> Tech mailing list >> [email protected] >> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ > > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
