Saturday, March 12, 2005

Argus Documentation

Argus is a session data collection tool, and probably the most underrated network security application available. I wrote about Argus in my first book, a Sys Admin article, and here. Recently I read on the Argus mailing list that Thorbjörn Axelsson posted his thesis Network Security Auditing at Gigabit Speeds (.pdf) online, and it uses Argus. Through his references I discovered an earlier article by Peter Van Epp titled Pssst, Wanna Buy Some Network Insurance? (.pdf). Peter's article in particular demonstrates a wonderful appreciation of the limitations of IDS/IPS, e.g.:

"Knowing of a break in after the fact, while undesirable, is much better than not knowing of the break in at all... With Argus you at least have the data; with only an overwhelmed IDS or firewall you don't (or at least not all of it). Something to think about, especially in terms of insurance."
