Koozali.org: home of the SME Server
Legacy Forums => Suggestions => Topic started by: John Quirk on November 02, 2001, 02:37:53 AM
-
I feel this is one feature that is really missing from e-smith, currently using 4.1.2.
Something like Snort looks like a good solution.
I haven't looked at 5.0, but from the manual it looks like it still does not have good log file tools.
-
Hi,
Just the odd two cents worth....
While I'd love to have Snort as an easily installable blade, I think it's very much a double-edged sword to have as a standard install.
IDS is only one part of producing a secure system. It also requires a fair amount of knowledge, full-time monitoring and an intelligent preset of response procedures.
Without these you tend to wind up with Users doing one or more of the following:
- Getting alarmed over false positives
- Ignoring the log/message data altogether
- Never updating the snort configs for newer attack types
- Not knowing what to do when a true attack does happen
It's like installing a home alarm system without knowing anything about locking up, alarm codes or emergency telephone numbers.
IDS only makes sense when you've got the resources to deal with it.
Regards,
Luke