Build an IDS with Snort, Shadow, and ACID
Source: Newsforge - Posted by Pax Dickinson   
Intrusion Detection Every organization understands the importance of using a firewall to protect its assets. But what happens if someone finds a hole in the wall? What if the infiltrator is actually someone from within your organization who wants to access information that he shouldn't? To cover those contingencies, you need an intrusion detection system (IDS) to complement your firewall. Fortunately, with a minimum amount of time and money you can set up an IDS with open source tools such as Snort, Shadow, and ACID.

An IDS comprises sensors to do the actual monitoring and a central console to store and analyse the data collected on each sensor. A sensor can be a basic PC with an extra network card (to do the actual monitoring), whilst the central console should have a bit more processing power and a larger disk.

If Linux isn't already on the PCs you plan to use then you'll have to install it. You'll need only a minimal install because these boxes will be used only for the IDS. I recommend installing Bastille to make the IDS more secure. Another key thing to do is to put the monitoring network card on the sensor without an IP address; this makes it effectively invisible.

You can now start installing the software to do the actual intrusion detection. You can use Snort to monitor patterns of behaviour (or signatures) and Shadow to monitor packet headers. You'll need ACID to analyse the data collected by Snort (Shadow has its own analyser).

Read this full article at Newsforge

Only registered users can write comments.
Please login or register.

Powered by AkoComment!