Is Snort a good choice for monitoring network and web application traffic on Amazon EC2? If not, why and what IDS would you suggest? Is Snort a good choice to monitor for XSS, Sql Injection, attempt to brute force accounts and enumerate users, and detect DDoS against the web app?
Snort can be installed on the Linux based loadbalancers (haProxy); but I am not sure where commercial tools like Alert Logic should sit that does not create a performance bottleneck and single point of failure.
Aucun commentaire:
Enregistrer un commentaire