Finding an OS for Snort IDS sensors

After deciding to implement Snort and determining IDS sensor placement, you must decide what operating system (OS) to use for the network sensors. The answer is surprisingly simple.

More Information Learn how to harden your Unix/Linux OS with this expert advice Find out how to keep your Mac OS secure with these resources

Flame wars regarding relative OS performance, stability and security problems can and do erupt at the drop of a hat. With this in mind, the bottom line for determining what OS to use with a critical security device is "go with what you know." You will be much better at properly configuring, hardening, administering and troubleshooting an OS you already know. You will also be better able to spec hardware and performance, and presumably other people in your organization will be able to back you up when needed. If you and your organization are equally comfortable with multiple OSes then do some internal testing, or just pick whatever OS runs best with the hardware and IDS sensors that you plan to use.

Having said that, Snort IDS is developed and tested on Linux and Mac OS X, and is heavily tested by the Linux and BSD communities. These platforms are always supported first, and the developers are very familiar with them. With Snort on a well-tuned Linux or BSD platform you can get acceptable performance out of older, slower or cheaper hardware than some other OSes might require.

In the end, learning new technologies is something we should all do to keep current, but devices intended to protect your network are not a good place to experiment.

SNORT INTRUSION DETECTION AND PREVENTION GUIDE

  Introduction
  Why Snort makes IDS worth the time and effort
  How to identify and monitor network ports after intrusion detection
  How to handle network design with switches and segments
  Where to place IDS network sensors
  Finding an OS for Snort sensors
  How to determine network interface cards for IDS sensors
  Modifying and writing custom Snort IDS rules
  How to configure Snort variables
  Where to find Snort IDS rules
  How to automatically update Snort rules
  How to decipher the Oinkcode for Snort's VRT rules
  Using IDS rules to test Snort

ABOUT THE AUTHOR:

JP Vossen, CISSP, is a Senior Security Engineer for Counterpane Internet Security. He is involved with various open source projects including Snort, and has previously worked as an information security consultant and systems engineer.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Network Security Tactics,   Network Intrusion Detection (IDS),   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Application and Platform Security,   Open Source Security Tools and Applications,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Preventing SQL injection attacks: A network admin's perspective Screencast: How to launch an OpenVAS scan Wireless network guidelines for PCI DSS compliance Aligning network security with business priorities Scanning with N-Stalker offers basic Web application security assessment Lifecycle of a network security vulnerability Screencast: BackTrack 4 offers an arsenal of penetration testing tools Network access control technology: Over-hyped or underused? Screencast: Smoothwall offers firewall defense in lean times Screencast: Samurai offers pen-testing nirvana Network Intrusion Detection (IDS) Preventing SQL injection attacks: A network admin's perspective Lifecycle of a network security vulnerability Best Intrusion Prevention and Detection Products Rogue AP containment methods SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Know when you need IDS, IPS or both Trend Micro to acquire Third Brigade for virtualization, cloud security New product aims to control rogue applications that avoid firewalls How to perform a network forensic analysis and investigation Network Intrusion Detection (IDS) Research Open Source Security Tools and Applications Screencast: How to launch an OpenVAS scan Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 SSH key compromise shuts down Apache website Screencast: Smoothwall offers firewall defense in lean times Screencast: Samurai offers pen-testing nirvana Rootkit Hunter demo: Detect and remove Linux rootkits When to use open source security tools over commercial products Screencasts: On-screen demonstrations of security tools Maltego demo: Identifying a website's trust relationships RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary computer forensics  (SearchSecurity.com) Diffie-Hellman key exchange  (SearchSecurity.com) Einstein  (SearchSecurity.com) HIDS/NIDS  (SearchSecurity.com) network behavior analysis  (SearchSecurity.com) ultrasound  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.