After deciding to implement Snort and determining IDS sensor placement, you must decide what operating system (OS) to use for the network sensors. The answer is surprisingly simple.
Having said that, Snort IDS is developed and tested on Linux and Mac OS X, and is heavily tested by the Linux and BSD communities. These platforms are always supported first, and the developers are very familiar with them. With Snort on a well-tuned Linux or BSD platform you can get acceptable performance out of older, slower or cheaper hardware than some other OSes might require.
In the end, learning new technologies is something we should all do to keep current, but devices intended to protect your network are not a good place to experiment.
SNORT INTRUSION DETECTION AND PREVENTION GUIDE
Why Snort makes IDS worth the time and effort
How to identify and monitor network ports after intrusion detection
How to handle network design with switches and segments
Where to place IDS network sensors
Finding an OS for Snort sensors
How to determine network interface cards for IDS sensors
Modifying and writing custom Snort IDS rules
How to configure Snort variables
Where to find Snort IDS rules
How to automatically update Snort rules
How to decipher the Oinkcode for Snort's VRT rules
Using IDS rules to test Snort
|JP Vossen, CISSP, is a Senior Security Engineer for Counterpane Internet Security. He is involved with various open source projects including Snort, and has previously worked as an information security consultant and systems engineer.|
This was first published in May 2005