Feature

Knoppix-NSM removes complexity of Snort-based network security monitoring

This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."

BASE, the Basic Analysis and Security Engine, is the standard-bearer of Web-based consoles. Web-based consoles are known for sluggishness, and BASE does not scale well to the enterprise level. BASE can also slow down Snort on Knoppix-NSM, because Snort has to log once for BASE and again in "unified" format for Barnyard. BASE is great for demonstration or educational purposes, but be aware of the performance cost. You'll also find less pertinent information available in the console than you would with Sguil.

Still, Web-based consoles are convenient, and it never hurts to put a different perspective on events.

Ntop, or network top, which is also browser-based, illustrates network usage and status from a variety of perspectives. A standalone application that works separately from all Snort-related applications, ntop acts as the "statistician" for Knoppix-NSM. It lets you sort and display network traffic by many protocols and criteria, display and store traffic statistics, identify users and host operating systems, sort by source and destination, and report IP protocol usage. It's worth a standalone installation simply for the return on investment (much for nothing) and its ease of installation and use.

Ntop's wealth of network traffic data makes it invaluable as a Snort companion or standalone tool.

This was first published in October 2007
