When Snort is Not Enough
Jun 03, 2008, 06:00
(Other stories by Richard Bejtlich)
"As an independent security consultant I offered a course to
customers called Network Security Operations, which covered
network-centric intrusion detection, response and forensics.
Students often asked, 'Is this the Snort course?' And I answered,
'Not exactly, but you're probably in the right place.'
"I've been inspecting and acting upon network traffic for 10
years. When I tell people that I use network traffic as one means
to detect and respond to intrusions, many respond by saying, 'So
you use Ethereal, right?' I find myself responding in a similar
manner to the Snort question: 'Not exactly, but sometimes...'"