LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 07-05-2010, 07:38 AM   #1
saifkhan123
Member
 
Registered: Apr 2009
Distribution: Red Hat/CentOS
Posts: 108

Rep: Reputation: 19
Using open source network security tools on a large network


Guys, can you tell me how efficient and effective Snort, Argus, OSSEC etc. are for an organization having a 3500-PC network, connected through 700+ Cisco devices (Layer 2 and Layer 3), and scattered across 130 different (geographical) sites? What should be the combination of products and what should be the architecture for an efficient forensics activity?
 
Old 07-05-2010, 08:10 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
saifkhan123, I've moved your post from where you originally posted to a new thread, as I believe it's an excellent candidate for its own dedicated discussion and it may have deviated from the main objective behind unixfool's thread.

Last edited by win32sux; 07-05-2010 at 08:12 AM.
 
Old 07-05-2010, 08:24 AM   #3
OlRoy
Member
 
Registered: Dec 2002
Posts: 306

Rep: Reputation: 86
They are really good open source tools for network/system monitoring. However, no matter how good the tool is, it's useless without a skilled analyst.

Just because you have a large network, it doesn't mean you have to monitor all of it. Some monitoring is better than none. You're going to need to determine which computers need monitoring the most and have the analysts to analyze all of the data the tools generate.

If I were you, I'd start off small and work my way up. For example, I wouldn't use Argus; I'd start with what you already have in place, such as NetFlow enabled on select routers, and use flow-tools for collecting and analyzing the flows. I've just started reading Network Flow Analysis, which is pretty good so far. OSSEC Host-Based Intrusion Detection Guide is a good book on OSSEC, and Snort IDS and IPS Toolkit is a good book on Snort.

Last edited by OlRoy; 07-05-2010 at 08:25 AM.
 
1 members found this post helpful.
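The reply above suggests starting with the NetFlow data the routers already export and using it to decide which hosts deserve monitoring first. The script below is an added example, not code from the thread or from flow-tools: it parses flow records in the whitespace-separated column order that `flow-print` uses by default (srcIP dstIP prot srcPort dstPort octets packets, an assumption you should check against your own flow-tools version), attributes each flow to its internal endpoint, and ranks and flags hosts by outbound volume and by fan-out to many external peers on a single port. The flow lines, the 10.0.0.0/8 internal range and the thresholds are all constructed for the example.

```python
"""Summarise NetFlow-style records per internal host so an analyst can
decide where to point Snort/OSSEC first.  Added example; SAMPLE_FLOWS is
constructed, not captured from any real network."""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from statistics import median

# Assumed column order of `flow-print` default output:
#   srcIP dstIP prot srcPort dstPort octets packets
# Verify with your own flow-tools build before feeding it real exports.
SAMPLE_FLOWS = """\
10.1.20.15   192.0.2.80    6  51234  443   1240     9
10.1.20.15   192.0.2.81    6  51235  443   2200    14
10.1.20.99   198.51.100.7  6  40001  22    980000  700
10.1.20.99   198.51.100.8  6  40002  22    870000  640
10.1.20.99   198.51.100.9  6  40003  22    910000  650
10.1.30.4    192.0.2.10   17  5353   53    300      2
10.1.30.4    192.0.2.11   17  5354   53    280      2
192.0.2.80   10.1.20.15    6  443    51234 84000   70
10.1.30.77   203.0.113.5   6  33000  25    400      6
10.1.30.77   203.0.113.6   6  33001  25    410      6
10.1.30.77   203.0.113.7   6  33002  25    390      6
10.1.30.77   203.0.113.8   6  33003  25    405      6
"""

INTERNAL = ip_network("10.0.0.0/8")  # constructed: the site's internal range


@dataclass
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    octets: int
    packets: int


@dataclass
class HostStats:
    bytes_out: int = 0
    bytes_in: int = 0
    peers: set = field(default_factory=set)      # distinct external peers
    dst_ports: set = field(default_factory=set)  # distinct destination ports


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated flow lines; header/malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        try:
            ip_address(parts[0])
            ip_address(parts[1])
            nums = [int(p) for p in parts[2:]]
        except ValueError:
            continue
        flows.append(Flow(parts[0], parts[1], *nums))
    return flows


def summarize(flows: list[Flow], internal=INTERNAL) -> dict[str, HostStats]:
    """Attribute each internal<->external flow to the internal endpoint."""
    stats: dict[str, HostStats] = defaultdict(HostStats)
    for f in flows:
        src_in = ip_address(f.src) in internal
        dst_in = ip_address(f.dst) in internal
        if src_in and not dst_in:
            h = stats[f.src]
            h.bytes_out += f.octets
            h.peers.add(f.dst)
            h.dst_ports.add(f.dport)
        elif dst_in and not src_in:
            stats[f.dst].bytes_in += f.octets
    return dict(stats)


def rank_hosts(stats: dict[str, HostStats], top_n: int = 5) -> list[str]:
    """Internal hosts ordered by bytes sent outside the network."""
    return sorted(stats, key=lambda h: stats[h].bytes_out, reverse=True)[:top_n]


def flag_hosts(stats, volume_factor: int = 10, min_peers: int = 4) -> dict[str, list[str]]:
    """Flag hosts whose outbound volume is far above the median, or that
    talk to many distinct external peers on one port (fan-out).  Thresholds
    are constructed; tune them on a baseline of your own flows."""
    vols = [s.bytes_out for s in stats.values()]
    med = median(vols) if vols else 0
    flagged = {}
    for host, s in stats.items():
        reasons = []
        if med and s.bytes_out > volume_factor * med:
            reasons.append("outbound volume")
        if len(s.peers) >= min_peers and len(s.dst_ports) == 1:
            reasons.append("fan-out to one port")
        if reasons:
            flagged[host] = reasons
    return flagged


if __name__ == "__main__":
    st = summarize(parse_flows(SAMPLE_FLOWS))
    print("top talkers:", rank_hosts(st, 3))
    print("review first:", flag_hosts(st))
```

In practice the input would come from a pipeline such as `flow-cat <dir> | flow-print`, and the flagged hosts are the ones worth putting behind a Snort sensor or onto an OSSEC agent first, rather than trying to cover all 3500 machines at once.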