September 19, 2003 at 12:19 pm
Hi,
Is anybody out there using Snort as an intrusion detection system (IDS) for their SQL 2000?
Many thanks. Jeff
September 19, 2003 at 2:34 pm
We have a general IDS (From NA) that monitors all servers, but not specifically for SQL Server.
Steve Jones
http://www.sqlservercentral.com/columnists/sjones
The Best of SQL Server Central.com 2002 - http://www.sqlservercentral.com/bestof/
September 19, 2003 at 2:45 pm
What, specifically, are you looking to do with the IDS? That may be a better question. There are folks out there using a wide range of products. Some use Snort, some use Cisco, etc.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
@kbriankelley
September 22, 2003 at 7:53 am
Hi Brian,
In a recent article of SQL Server Magazine "Best Practices for Mixed Authentication" August 2003, the author suggests using an IDS (Snort) to log dates, time and IP info for clients connecting to SQL Server to proactively detect intruders.
Having never used an IDS, I'm doing preliminary analysis on this subject. Any help or suggestions are greatly appreciated.
Jeff
Many thanks. Jeff
September 22, 2003 at 8:14 am
OK, I know the reference then. Do you have a group of engineers who are in charge of Intrusion Detection and Incident Response in your organization or is this a personal project?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
September 23, 2003 at 9:21 am
No. It's my "pet project", if you like. My goal is to test on our dev'm't servers and if satisfied, will lobby it with our engineers and roll it out in a production environment.
Many thanks. Jeff
October 1, 2003 at 9:25 am
Sorry I fell off the face of the earth. An AD implementation will do that. Any case, there are numerous articles and a few books on how to use Snort. You'll want to get a basic understanding of what it does before trying to fine-tune it to SQL Server. Also, if it's not your private network, clear it with the proper people first. Stuff like this can get you thrown in jail and fined, even if your intent was non-malicious.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring