
lainchan archive - /sec/ - 4204




No.4204

Hey,
I need your help. How do I know that my network/system isn't compromised? Where do I start with IDS? What software should I use?

Also general discussion on IDS.

  No.4210

Most SIEM devices I used were AlienVaults
https://www.alienvault.com/products/ossim

It's open source and free.

  No.4331

I really like Bro and Snort. You can run Snort on a pfSense box on the edge of your network.

  No.4646

IDS is only worth it if you fine-tune it (because many reports will be generated for useless stuff that is not harmful).
IPS actually blocks, and is also worth it if you either have great community lists or have fine-tuned it.
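
An added example, not part of any post in this thread, of the tuning step the last post describes: it ranks Snort alerts by signature and drafts suppress lines for review where one host produces nearly all the noise. It assumes Snort 2.x "fast" alert output with IPv4 addresses and the threshold.conf `suppress` syntax; the sample alerts, SIDs, function names and thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Snort 2.x "fast" alert format (not real traffic).
SAMPLE_ALERTS = """\
02/17-14:01:02.100000  [**] [1:1000001:1] LOCAL ICMP echo from monitor [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.5 -> 192.168.1.1
02/17-14:01:32.100000  [**] [1:1000001:1] LOCAL ICMP echo from monitor [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.5 -> 192.168.1.1
02/17-14:02:02.100000  [**] [1:1000001:1] LOCAL ICMP echo from monitor [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.5 -> 192.168.1.1
02/17-14:02:10.400000  [**] [1:1000002:2] LOCAL outbound connection to test net [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.20:51512 -> 203.0.113.9:443
02/17-14:03:44.900000  [**] [1:1000003:1] LOCAL DNS query burst [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.31:40112 -> 192.168.1.1:53
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def parse_alerts(text):
    """Return one dict per line that matches the fast-alert layout; skip the rest."""
    return [m.groupdict() for m in map(ALERT_RE.search, text.splitlines()) if m]

def noisy_signatures(alerts, min_share=0.5):
    """Signatures that make up at least min_share of all alerts, with their top source."""
    total = len(alerts)
    by_sig = Counter((a["gid"], a["sid"], a["msg"]) for a in alerts)
    report = []
    for (gid, sid, msg), count in by_sig.most_common():
        if count / total < min_share:
            continue
        sources = Counter(a["src"] for a in alerts if (a["gid"], a["sid"]) == (gid, sid))
        top_src, top_src_count = sources.most_common(1)[0]
        report.append({"gid": gid, "sid": sid, "msg": msg, "count": count,
                       "top_src": top_src, "top_src_count": top_src_count})
    return report

def suppress_candidates(report, min_src_share=0.9):
    """Draft threshold.conf lines, for human review, where one host causes nearly all hits."""
    return [
        f"suppress gen_id {r['gid']}, sig_id {r['sid']}, track by_src, ip {r['top_src']}"
        for r in report
        if r["top_src_count"] / r["count"] >= min_src_share
    ]

if __name__ == "__main__":
    report = noisy_signatures(parse_alerts(SAMPLE_ALERTS))
    for r in report:
        print(f"{r['count']:>4}  {r['gid']}:{r['sid']}  {r['msg']}  (top source {r['top_src']})")
    print("\n".join(suppress_candidates(report)))
```

Suppressing by source keeps the rule active for every other host, so the signature still fires if something other than the known-benign sender triggers it.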