I am considering putting a new server in place and hiring someone to install snort for me on this server.
What hardware would you suggest thelinuxguy, and also would this be something you would be open to? You can email me at email@example.com. I will be leaving here in 5 minutes to go install new cabinets at our new datacenter, but I will have my laptop with me.
As someone who puts together snort sigs on a daily basis I have to say that your "Linux Techs" probably don't have the knowledge to set this up properly. While snort is the best IDS engine by far, it is not the easiest to set up. The new Flow portscan preprocessor alone will give most people a headache just to look at the config. If properly configured though, it will catch more nasty activity than any other IDS system out there. It also has the fastest signature development community imaginable. We often have a rule out within minutes of an initial packet capture for an exploit.
My strong suggestion would be to have one person spend a week or so reading all the available documentation on Snort and buy the Ingress book. It is very good, in a basic setup way.
If you have any basic questions I'm sure there are enough of us here to give you a hand. Also the snort-misc mailing list is a very nice user community. If you post a basic question there you will not get flamed to death.
__________________ Rock solid hosting and dedicated servers since 1998! StabilityHosting Where stability and uptime are king!
Thanks for the suggestion. A couple of our techs were well versed in Snort, and had read all sorts of books on it. What I did not mention was that we were doing it with three different servers, and we finally tracked the problem down to the MySQL server.
We have snort up and running correctly again now. Thank you for your help and suggestions.