Good day all,
  I'm looking for some information on setting up several IDS's on our network.  I'm looking for the best system (pc) to run some version of linux to run snort on.  We prefer dell but I'm sure I could convince my boss to use something else.  I realize this is probably isn't really even a good question since it's probably the NIC that's more important the the PC itself. 

  One other question is a network tap.  I've made the network tap that snort has on their website but i'm not sure how to get the full duplex off of it.  If you look at it you have to jacks for the two pair you are using to get the info off of.  Does that me I will have to use 2 Nic's and if so how does it get combined back into one signal.  Or do I have to basically run snort and just use some sort of filtering on it.

  We also looked at some Commercial taps but my boss isn't to keen on it, he is feels we should us as much open source and free material as we can get our hands on.

  Any websites referencing this info would be greatly appreciated.

humv

Well, working on the 4th book this week, only issue is that I don't have the same book as everyone else .  Other than that this course is definately a must take.  I would also recommend the @Home just for the fact that you can practice all the stuff they teach you.  I must admit I was a little concerned to begin with, I have bare knowledge in linux.  I would recommend that anybody taking the course get up to speed on linux first.  Lot of windows and linux fu.  Well, a couple more weeks left.  It funny because I want to just go out there and start scanning everything on the internet but I must not .  So I will have to stick to my VM images to hack away at.  Well that's it for now

I work for the public service in canada.  They are the best, well maybe just where i work.  My boss loves the fact that I'm getting into the security side of our world...  Not so much when I set off the intrusion detection on our ISA and he get a flood of e-mails from it.....

The labs are great.  Basically they leave it open 24/7 with the machines resetting at the top of the hour.  That way if you kill a machine you just need to wait til the top of the hour and then start hacking away at them again.  I have the best job, I have access to our external network at work so I've been playing at work also.  I have nothing but positive things to say about the course.  I would recommend it to anybody.  So basically instead of hacking away during course hours for 6 days I get to hack away 24/7 for the whole 6-7 weeks the course is running.  Same information as being in class except you can do it naked if you want to 

I'm currently on the SANS 560 @Home.  You don't even have to be in a classroom with ed to feel his energy.  He has such enthusiasum for this stuff.  He really knows his stuff, questions keep flying at him and he doesn't even hesitate for a second to answer them.  Well keep up the great work don and thanks for the site.

Don,
  You are an excellent motivational speaker.  I listened to your presentation and I thought you had some excellent points.  Thanks for the info.

humv

When I first got into this line of work I self studied my A+ and my MCSE NT4 (that probably dated me).  I find that self study can be done as long as your dedicated to the material at hand.  I have been having a hard time lately because work keeps approving the courses I want to go on.  I know that's not really something to complain about.  I think I have to much of a thirst for knowledge (once again, could be a bad thing).  But as Don said anything can be done by self study as long as it's offered.  Good luck and study hard.

Just thought I would throw in my 2 cents worth.  I've used multiple AV software in the passed some free some not free.  I've used McAfee, AVG, BitDefender, Symantec.  Have read this post I agree with the fact that any AV software is better than none at all.  Well, as I said there is my 2 cents.

humv

Anybody got any links to info on Lua or any book recommendation. 

Thanks

Well, the third session is over and let me tell you I really want to hit the internet and do some scanning but without permission I will have to be satisfied with the SANS test environment.  The third day was Hping3, NMAP.  Some interesting stuff you can do with this, also tcpdump.  Ed definately has the ability to keep your attention focused on the topic at hand.  I must admit I enjoy the @Home for the simple fact that you take have a days worth of material in and then you get either 2 days or 4 days to practice it.  I think this is probably the best environment for hands on practice.  Well, off to do some scanning on the SANS environment.

Later

I think this site could be a valuable asset with kids.  Even if this doesn't bestow upon them all the things to go along with "Ethical Hacking".  They will begin to understand the concept of just how dangerous the internet can be.  There are some subjects that should be taught in school but alast they are not.  If somebody other than myself explains to my kid what he should and should not be doing on social websites and questionable sites for gaming, then it should help out.  They seem to have their stuff together and it's not as if it's a 5 hour course.  It looks fairly drawen out. 

Looks like it should be promising....

I've have recently taken up the daunting task of reading the CISSP book from shon harris 4th edition (Big book).  I'm sure I could scrape up enough in my previous work exprience to be able to qualify for the test but my issue is how do find a sponsor?  It seems kind of strange to be learking around forums looking for a CISSP to sponsor me.  I realize there is a reason for having it like that but since I live in a somwhat secluded area I don't have access the any CISSP support other than the internet.  I've visited the ISC2 website but I can't find where they say you need a CISSP to sign off. Or is this for the requirement, as in a CISSP looks at your resume and job experience and decides whether you already have the experience required.  That would put me back to the question of where would you find somebody with trolling around in forums and asking every swing CISSP out there to give you a hand??  Well I guess that enough of a wineing session for now.  Sorry to bug ya.

Good day,
  I am currently attending the SANS 560 @Home.  I must admit Ed is an excellent instructor.  I could see where he might get swamped with questions thou.  There is from what I can tell 90 students on the course.  Well it's off to study and try out the VPN and do a little scanning 

humv