Best practices for IDS creation and signature database maintenance
Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.
For example, the Snort IDS is extremely popular. It's an open source network intrusion detection system that is widely used in the enterprise. As an open source product, Snort is available at no cost and has a large community of developers creating rules.
Sourcefire, the company behind Snort, makes an official ruleset available to Snort users either in real time (for paid subscribers) or on a 30-day delay (at no charge). This is the best way to obtain a reliable, timely ruleset. If you're using a different IDS product, consult the vendor for details on rulebase subscriptions.