December 29, 2000

Looking at IDS systems this past week. I've implemented two of them, a personal IDS called BlackICE and another one on Linux called Snort. As far as BlackICE goes, it's a pretty solid inbound firewall. It doesn't have any outbound firewall functionality (yet), but its IDS system is very nice, and it's incredibly easy to use, while still allowing power users to configure it with the config files.
Someone else had set up an interface that takes Snort output and makes pretty HTML output. It's called SnortSnarf. I'm going to try to implement that next. If anyone has any experience with these tools, let me know what you think. It looks nice and has links for different hack attacks so you can just click on them to jump to descriptions, etc.
