[Cialug] Intrusion Detection/Prevention

Josh More morej at alliancetechnologies.net
Mon Dec 12 09:18:23 CST 2005


Tim, 
 
If you are interested, I believe that I can help you out.  I do security,
best practice, and Linux consulting for Alliance Technologies.  If you are
interested, give me a call, and we can discuss how much assistance you need,
what levels of security are important to you, and how best we can help you.

-- 
-Josh More, RHCE, CISSP, NCLP 
morej at alliancetechnologies.net 
515-245-7701

>>>tim at perdue.net 12/09/05 3:32 pm >>>
Aaron Porter wrote:
>On 12/9/05, *Nathan C. Smith* <smith at ipmvs.com> wrote:
>
>    Anyone use anything?  I'm not sold on the concept - maybe I don't
>    understand it.  If you lock everything down it shouldn't be an
>    issue should it?  Don't you want to know about new attacks that
>    were/are successful?
>
>
>If a bank locks their vault at night, why have a security camera? IDS
>software can be really nice to keep an eye on your network; even if
>there is no hacking. I've run both Snort and Bro. Snort was nice because
>it was incredibly well supported and very well documented. Bro
>(http://bro-ids.org/) is nice because rather than matching an exploit
>string it can watch for a regex, but the most valuable feature to me is
>that it watches for strange traffic. SMTP/ssh/etc on odd ports,
>strange tcp connection patterns, etc. Sometimes it sends me scrambling
>after a Skype user by accident, but it does a pretty good job of
>filtering alerts.

Does anyone locally do some consulting on this sort of stuff? I have 4
public-facing servers that I would like to have someone evaluate and
lock down to some extent.

Tim
