
Snort Intrusion Detection and Prevention Guide

by JP Vossen

To paraphrase Bruce Schneier, banks do not depend solely on vaults to keep their assets safe; they also employ intrusion detection and response mechanisms in the form of alarms and guards. Your network, or more properly the data on it, is one of the most important assets your company has. You already protect it with a vault -- your firewall, and logical and physical network perimeter security. But if you don't have alarms (intrusion detection systems) and guards (incident response), you are not as secure as you could be.

Arguably one of the best network intrusion detection systems (IDS) is Snort, a free and open source toolkit. It has a large and active community and is backed by the commercial company SourceFire, making it a strong contender in the intrusion detection market. The software itself is free; all that's required is some hardware to run it on and the time to install, configure and maintain it. Snort runs on any modern operating system, including Windows and Linux, but some consider it complicated to operate. The goal of this guide is to take some of the mystery out of Snort.


SNORT INTRUSION DETECTION AND PREVENTION GUIDE

  Why Snort makes IDS worth the time and effort
  How to identify and monitor network ports
  How to handle network design with switches and segments
  Where to place IDS network sensors
  Finding an OS for Snort IDS sensors
  How to determine network interface cards for IDS sensors
  Modifying and writing custom Snort IDS rules
  How to configure Snort variables
  Where to find Snort IDS rules
  How to automatically update Snort rules
  How to decipher the Oinkcode for Snort's VRT rules
  Using IDS rules to test Snort

ABOUT THE AUTHOR:

JP Vossen, CISSP, is a Senior Security Engineer for Counterpane Internet Security. He is involved with various open source projects including Snort, and has previously worked as an information security consultant and systems engineer.

This was first published in May 2005
