Information Security Magazine


Putting Snort to Work
by Russ McRee
Issue: Oct 2007

Versatile Tool
Organizations already running IDS in some form can still put Knoppix-NSM to good use:

  • Quick deployment. Say you've been dispatched to a remote site to assess the security posture of a recent acquisition. It's doing the bare minimum, content to assume all is well because it has a firewall. With permission from management, and the cooperation of a network engineer, you boot up Knoppix-NSM and connect to a SPAN port on a core network switch. You quickly determine that all in fact is not well, and extensive remediation will be required before joining the acquired network to your well-protected, monitored and maintained existing network.


  • Instant console. Your Snort farm is well managed and performs its purpose, but you're in need of an additional console immediately. This is often useful to compare console attributes or provide additional perspective. Sguil in particular offers analysis functionality considered by many NSM practitioners to be superior to any other console.


  • Learning and testing. Knoppix-NSM is the ideal framework for teaching and testing. Perhaps your security operations staff is growing and you need to set up a classroom environment with minimal hardware and effort. Imagine an attack-and-defend approach where Knoppix-NSM is running on a central server. Half of your class is running a Sguil console via Knoppix-NSM, and the other half is attacking virtual victims. With the aid of virtual machines and a few surplus laptops/desktops, you can show your new junior analysts the benefits of a well-monitored network.

Knoppix-NSM is an extremely useful LiveCD and appears to have a bright future: Securixlive.com's site says more analysis tools and a SIM/SEM tool are on the way in future releases, which are to be rechristened Securix-NSM.
