11 Aug 2006 halcy0n   » (Journeyer)

This has been something I've been curious about for a while now. How many people actually use an IDS? If you do, which do you use, and why? Do you actually go in and check all of the data it collects and react to it, or do you have an intrusion prevention system that handles it for you? If you don't use an IDS, why don't you?

I ask because I'd like to hear from people what they find lacking, or what they love, about existing IDS systems. IDMEF presents a very nice way to combine a whole bunch of different systems to make it into one nice big system, much like Prelude does now. Prelude is the only system of its type that I've been able to find, though, and I'd love to know what some of the improvements people would like to see are, since a project doing something similar to Prelude has been on the back burner of my mind for quite some time now.

If your journal is on Advogato or Planet Larry (which this journal is syndicated on now, thanks beandog), then I'll most likely see your response, but if you want, shoot me an email as well. My email can be found on my Advogato page.
