Home > Snort Intrusion Detection and Prevention Guide
SearchSecurity Technical Guide:
EMAIL THIS LICENSING & REPRINTS

Snort Intrusion Detection and Prevention Guide

05 May 2005 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

by JP Vossen

To paraphrase Bruce Schneier, banks do not depend solely on vaults to keep their assets safe; they also employ intrusion detection and response mechanisms in the form of alarms and guards. Your network, or more properly the data on it, is one of the most important assets your company has. You already protect it with a vault -- your firewall, and logical and physical network perimeter security. But if you don't have alarms (intrusion detection systems) and guards (incident response), you are not as secure as you could be.

Arguably one of the best network intrusion detection systems (IDS) is the free and open source Snort toolkit. It has a large and active community, and is backed by the commercial company SourceFire, making Snort a strong contender in the intrusion detection systems market. The package itself is free. All that's required is some hardware to run it on and the time to install, configure and maintain it. Snort runs on any modern operating system (including Windows and Linux), but some consider it to be complicated to operate. The goal of this guide is to take some of the mystery out of Snort.


SNORT INTRUSION DETECTION AND PREVENTION GUIDE

  Why Snort makes IDS worth the time and effort
  How to identify and monitor network ports
  How to handle network design with switches and segments
  Where to place IDS network sensors
  Finding an OS for Snort IDS sensors
  How to determine network interface cards for IDS sensors
  Modifying and writing custom Snort IDS rules
  How to configure Snort variables
  Where to find Snort IDS rules
  How to automatically update Snort rules
  How to decipher the Oinkcode for Snort's VRT rules
  Using IDS rules to test Snort

ABOUT THE AUTHOR:
JP Vossen, CISSP, is a Senior Security Engineer for Counterpane Internet Security. He is involved with various open source projects including Snort, and has previously worked as an information security consultant and systems engineer.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Intrusion Detection (IDS)
RSA 2008: Sourcefire founder Roesch previews Snort 3
Screencast: Opening up the Network Security Toolkit
Can a firewall alone effectively block port-scanning activity?
Should an intrusion detection system (IDS) be written using Java?
What security risks do enterprise honeypots pose?
What are the benefits of 'in-the-cloud' network security services?
Screencast: Snort -- Tactics for basic network analysis
Can Snort stop application-layer attacks?
Juniper UAC to deliver Shavlik patch management technology
What kinds of network packet data can be extracted from Snort IDS?
Network Intrusion Detection (IDS) Research

Network Intrusion Prevention (IPS)
What security risks do enterprise honeypots pose?
What are the benefits of 'in-the-cloud' network security services?
What is a 'top-down' IPS sensor search?
Is a 'self-defending network' possible?
Best practices for purchasing an intrusion detection device
VeriSign, AirMagnet team up for wireless IPS
Sourcefire, Nmap deal to open vulnerability scanning
Interop: Vendors update software, demonstrate new security features
McAfee launches IPS for 10g networks, but is IT ready?
Microsoft NAP-TNC compatibility won't speed adoption, users say
Network Intrusion Prevention (IPS) Research

Monitoring Network Traffic and Network Forensics
Is security improved when the number of Internet gateways is reduced?
Screencast: Nessus
What are the pros and cons of shaping P2P packets?
Built-in Windows commands to determine if a system has been hacked
How will the centralized logging of network flow data benefit an enterprise?
The forensics mindset: Making life easier for investigators
vPro: Making the case for network security on a chip
PING: Fyodor
What security issues can arise from unsynchronized system clocks?
Filtering log data: Looking for the needle in the haystack

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
computer forensics  (SearchSecurity.com)
Diffie-Hellman key exchange  (SearchSecurity.com)
Einstein  (SearchSecurity.com)
HIDS/NIDS  (SearchSecurity.com)
intrusion detection  (SearchSecurity.com)
network behavior analysis  (SearchSecurity.com)
ultrasound  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts