archive provided by lainchan.jp

lainchan archive - /sec/ - 4204



I need your help. How do I know that my network/system isn't compromised? Where do I start with IDS? What software should I use?

Also general discussion on IDS.


Most SIEM devices I used were AlienVaults.

It's open source free,


I really like Bro and Snort. You can run Snort on a pfSense box on the edge of your network.


IDS is only worth it if you fine-tune it (because many reports will be generated for useless stuff that is not harmful).
IPS actually blocks, and is also worth it if you either have great community lists or fine-tune it.
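
Added example, not written by any poster in this thread: one way to start the tuning the last post describes is to rank Snort alerts by signature and flag the loud, low-severity ones that only ever fire between the same few hosts. The log lines, SIDs, addresses and thresholds below are constructed assumptions; the layout follows Snort's "fast" alert format.

```python
import re
from collections import defaultdict

# Constructed sample in Snort's "fast" alert format; SIDs, messages and
# addresses are made up for illustration (not real traffic or real rules).
SAMPLE = """\
02/17-14:13:01.100000  [**] [1:1000001:1] LOCAL ICMP ping from monitoring host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.2 -> 10.0.0.5
02/17-14:13:31.100000  [**] [1:1000001:1] LOCAL ICMP ping from monitoring host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.2 -> 10.0.0.5
02/17-14:14:01.100000  [**] [1:1000001:1] LOCAL ICMP ping from monitoring host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.2 -> 10.0.0.5
02/17-14:14:31.100000  [**] [1:1000001:1] LOCAL ICMP ping from monitoring host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.2 -> 10.0.0.5
02/17-14:15:02.200000  [**] [1:1000002:1] LOCAL outbound connection to unexpected port [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.7:49152 -> 203.0.113.9:4444
02/17-14:16:40.300000  [**] [1:1000003:2] LOCAL SSH login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.4:40022 -> 10.0.0.5:22
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<sig>\d+:\d+:\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

def parse_alerts(text):
    """Yield one dict per line that matches the fast-alert layout."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield m.groupdict()

def tuning_candidates(text, min_count=3, min_priority=3, max_pairs=2):
    """Signatures that are loud, low severity and confined to few host pairs.

    Snort priority 1 is the most severe, so a larger number means lower severity.
    The thresholds are assumptions to adjust per network, not Snort defaults.
    """
    stats = defaultdict(lambda: {"msg": "", "count": 0, "prio": 0, "pairs": set()})
    for a in parse_alerts(text):
        s = stats[a["sig"]]
        s["msg"], s["prio"] = a["msg"], int(a["prio"])
        s["count"] += 1
        s["pairs"].add((a["src"], a["dst"]))
    out = [(sig, s["msg"], s["count"], sorted(s["pairs"]))
           for sig, s in stats.items()
           if s["count"] >= min_count and s["prio"] >= min_priority
           and len(s["pairs"]) <= max_pairs]
    return sorted(out, key=lambda r: -r[2])

if __name__ == "__main__":
    for sig, msg, count, pairs in tuning_candidates(SAMPLE):
        print(f"{count:4d}x [{sig}] {msg} pairs={pairs}")
```

Each signature it lists is a candidate for review, not for automatic suppression: confirm the traffic is expected before narrowing or silencing the rule for those hosts.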