hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Intrusion detection
Reply

Forum Jump

Intrusion detection

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Junior Guru
 
Join Date: May 2002
Posts: 207

Intrusion detection


I am curious to know what others are using on their networks for intrusion detection. We are looking into finding a new solution and are looking for suggestions.


Thanks

__________________
Alvin Slocombe
E-Insites - "Web services, simplified."



Sponsored Links
  #2  
Old
Web Hosting Master
 
Join Date: Apr 2001
Posts: 2,588
What solution are you using now ? What OS ?

__________________
Beau Henderson

  #3  
Old
Junior Guru
 
Join Date: May 2002
Posts: 207
We are using snort, but it does not seem to catch everything.

__________________
Alvin Slocombe
E-Insites - "Web services, simplified."

Sponsored Links
  #4  
Old
Problem Solver
 
Join Date: Mar 2003
Location: California USA
Posts: 13,197
Do you use updated rules?

__________________
Steven Ciaburri | Proactive Linux Server Management - Rack911.com
System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
Managed Servers (AS62710), Server Management, and Security Auditing.
www.HostingSecList.com - Security notices for the hosting community.

  #5  
Old
Junior Guru
 
Join Date: May 2002
Posts: 207
I think it may be badly configured.

I am considering putting a new server in place and hiring someone to install snort for me on this server.

What hardware would you suggest thelinuxguy, and also would this be something you would be open to? You can email me at alvin@e-insites.com I will be leaving here in 5 minutes to go install new cabinets at our new datacenter, but I will have my laptop with me.

Thanks

__________________
Alvin Slocombe
E-Insites - "Web services, simplified."

  #6  
Old
Web Hosting Evangelist
 
Join Date: Dec 2003
Location: Brisbane, Queensland, Australia
Posts: 547
The intrusion detection system we use is Snort + updated rules and ACID as the php frontend.

You probably don't have Snort setup correctly.

I could help you with this.

  #7  
Old
Junior Guru
 
Join Date: May 2002
Posts: 207
We will have our Linux techs work on the server tomorrow. Thanks for all the help and suggestions.

__________________
Alvin Slocombe
E-Insites - "Web services, simplified."

  #8  
Old
Aspiring Evangelist
 
Join Date: Jun 2004
Location: Tampa Florida
Posts: 428
As someone who puts together snort sigs on a daily basis I have to say that your "Linux Techs" Probably dont have the knowledge to set this up properly. While snort is the best IDS engine by far, it is not the easiest to set up. The new Flow portscan preprocessor alone will give most people a headach just to look at the config. If properly configured though, It will catch more nasty activity than any other IDS system out there. It also has the fastest signature development comunity imaginable. We often have a rule out within minutes of an initial packet capture for an exploit.
My strong suggestion would be to have one person spend a week or so reading all the available documentation on Snort and Buy the Ingress book. It is very good. In a basic setup way.
If you have any basic questions Im sure there are enough of us here to give you a hand. Also the snort-misc mailing list is a very nice user community. If you post a basic question there you will not get flamed to death.

__________________
Rock solid hosting and dedicated servers since 1998!
StabilityHosting Where stability and uptime are king!

  #9  
Old
Junior Guru
 
Join Date: May 2002
Posts: 207
Thanks for the suggestion. A couple of our techs were well versed in Snort, and had read all sorts of books on it. What I did not mention was that we were doing it with three different servers, and we finally tracked the problem down to the mySQL server.

We have snort up and running correctly again now. Thank you for your help and suggestions.

Regards

__________________
Alvin Slocombe
E-Insites - "Web services, simplified."

Reply

Related posts from TheWhir.com
Title Type Date Posted
WHMCS Encourages Users to Upgrade as Part of Important Security Update Web Hosting News 2014-08-27 12:05:55
Proofpoint to Acquire Armorize Technologies for $25 Million Web Hosting News 2013-08-12 15:56:26
ServInt Offers Free Subscription of StopTheHacker Malware Detection Software Web Hosting News 2013-05-29 16:16:13
StopTheHacker Launches Version 3.7 of Website Security Tool Web Hosting News 2013-02-04 18:40:30
Nginx Web Server Adds Device Detection at Server Layer with dotMobi DeviceAtlas Module Web Hosting News 2013-01-09 11:33:22


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?