On Tue, Jun 12, 2012 at 05:03:48PM -0600, Kevin Fenzi wrote:
> * Set up a simple IDS of some kind?
>   - Notice non-standard traffic in our internal nets

I'm definitely excited about getting an IDS deployed. I made an attempt
at it a few years ago with prelude+prewikka, but it wasn't able to keep
up with the load. The open source version was pretty much crippled
compared to the pay version, and it couldn't handle the massive amounts
of SELinux alerts that we had at the time.
These days, I use suricata on all of my machines. It's extremely easy
to set up, and works with existing snort rules. I definitely think we
should consider it.
As for another potential goal:
- mod_security (I think we almost had it deployed at one point)

> What dates or places would you prefer?

Any of them work for me.