Netgate Discussion Forum

    Clearing disk

    Official Netgate® Hardware
    • ILIKENETGATE @Gertjan

      @Gertjan Well, I think we're from the same generation. I put myself through college selling Apple ]['s with that 6502, so I realize how far we've come from that. Thank God for the GUI, or otherwise we'd be reading our news online from a news service called The Source with green letters scrolling across the screen at 300 baud. I was a victim of a hack recently, so I'm trying to get my "chops" up to better protect myself, so getting the better router and putting up my best defense has now been planted in my DNA. All the preventative methods you speak of are nice and were practiced by me, but to no avail. I can tell you there are a lot of shitty people out there, and I would like to do whatever I can to keep them at bay short of simply throwing out my computer, but that isn't too practical these days.

      ...so I keep on keeping on...

      • JohnKaul @ILIKENETGATE

        https://people.clarkson.edu/~jmatthew/publications/SPIE_SnortSuricata_2013.pdf

        • ILIKENETGATE @JohnKaul

          @JohnKaul Thanks John. A bit dated but interesting nonetheless.

          • johnpoz LAYER 8 Global Moderator @ILIKENETGATE

            @ILIKENETGATE said in Clearing disk:

            I think I'll keep these two on for now

            You're going to continue to run 2 IPS, both at the same time? Really? And you don't see a problem with that?

            Dude, pick one and use it, if you think it is protecting you... Not both! You don't run 2!!

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • JohnKaul @ILIKENETGATE

              @ILIKENETGATE said in Clearing disk:

              @JohnKaul Thanks John. A bit dated but interesting nonetheless.

              No problem, but I hope you didn't miss the point. Date has nothing to do with it; that link was to show you the history, i.e. that one is the replacement for the other (you use one or the other, not both). Read the paper, it's a quick 15-minute read (and it's quite interesting).

              @johnpoz said in Clearing disk:

              <snip>
              Dude, pick one and use it, if you think it is protecting you... Not both! You don't run 2!!

              ^^ What he said.

              • ILIKENETGATE @JohnKaul

                @JohnKaul No, I did read the article. My comment about the datedness of it was: haven't these two leapfrogged each other over the past 6 years since they were both tested? Snort seemed interesting to me with its $30 a year subscription that helps pay for what they do. Playing devil's advocate, what's wrong with using both? It seems my 3100 is keeping up with it and computers are speedy when browsing. Go easy on me as I'm a newbie and want to learn...

                • JohnKaul @ILIKENETGATE

                  @ILIKENETGATE, I'm a newbie too. If the 3100 has more than one core, just run Suricata. But before you turn it on, establish what you want to do with it, i.e. monitor certain aspects of your infrastructure, etc. The point behind them both/either is that you need to check your logs. You use the tool to keep an eye on your setup and make improvements (it is not a "turn it on to keep me safe" thing, per se).

                  I know nothing, other than a very, very high-level overview of these types of tool(s)--because I hate this hardware and network stuff--so, I'd do a lot of reading if I were you (take what I say with a grain of salt). And if I'm honest, I have a friend--into this network security stuff--who's been urging me down a certain path, but what he wants to do will require me to actually do some work, so I'm here only because I'm researching an easy way out. ...I want to just buy a thin client and install OpenBSD on it for my firewall.

                  • ILIKENETGATE @ILIKENETGATE

                    @ILIKENETGATE Another question. So it looks like, reading the article again, that Suricata is better overall. I caught a sentence in there that Suricata gleans its beginnings from Snort's initial work. So does the data that Snort gathers NIDS-wise and releases every 30 days in the form of updates, and my $30 a year subscription, work on Suricata? If so, I'll kill Snort.

                    • ILIKENETGATE @JohnKaul

                      @JohnKaul Thanks John for your candor...so we'll learn together. Sure wish this was as easy as "turn it on to keep me safe"...

                      • JohnKaul

                        You have to pay for snort? I wouldn't pay for anything like that; if Suricata is free, go with it.

                        @ILIKENETGATE said in Clearing disk:

                        @JohnKaul Thanks John for your candor...so we'll learn together. Sure wish this was as easy as "turn it on to keep me safe"...

                        Sure! Me too (and that's why I'm here hanging with you guys, for the moment). I'm more of an SSH/CLI guy (the /var/log discussion above), so you're going to yell at me a bit when it comes down to management.

                        • ILIKENETGATE @JohnKaul

                          @JohnKaul No, it would take much more than SSH for me to get mad :)
