Linux Today: Linux News On Internet Time.

When Snort is Not Enough

Jun 03, 2008, 06:00
(Other stories by Richard Bejtlich)

"As an independent security consultant I offered a course to customers called Network Security Operations, which covered network-centric intrusion detection, response and forensics. Students often asked, 'Is this the Snort course?' And I answered, 'Not exactly, but you're probably in the right place.'

"I've been inspecting and acting upon network traffic for 10 years. When I tell people that I use network traffic as one means to detect and respond to intrusions, many respond by saying, 'So you use Ethereal, right?' I find myself responding in a similar manner to the Snort question: 'Not exactly, but sometimes...'"
