Argus Documentation

Argus is a session data collection tool, and probably the most underrated network security application available. I wrote about Argus in my first book, a Sys Admin article, and here. Recently I read on the Argus mailing list that Thorbjörn Axelsson posted his thesis Network Security Auditing at Gigabit Speeds (.pdf) online, and it uses Argus. Through his references I discovered an earlier article by Peter Van Epp titled Pssst, Wanna Buy Some Network Insurance? (.pdf). Peter's article in particular demonstrates a wonderful appreciation of the limitations of IDS/IPS, e.g.:

"Knowing of a break in after the fact, while undesirable, is much better than not knowing of the break in at all... With Argus you at least have the data; with only an overwhelmed IDS or firewall you don't (or at least not all of it). Something to think about, especially in terms of insurance."
