This practical guide to managing network security covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive resource for monitoring illegal entry attempts, Managing Security with Snort and IDS Tools provides step-by-step instructions on getting up and running with Snort 2.1, and how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.
This book explains how to manage your network's security using the open source tool Snort. The examples in this book are designed for use primarily on a Red Hat Linux machine. They should be fully functional on the latest Red Hat Enterprise Linux version as well as the latest Fedora release by Red Hat. All instructions were documented using the most recent Red Hat releases, patches, and software. The applications were configured using default packages needed for a standard installation, and each machine was secured according to the latest errata.
The instructions in this book apply to other Linux flavors, such as SuSE, Gentoo, Debian, and most Unix variants, including FreeBSD, OpenBSD, and Solaris. Many of the applications are available for download as source or as precompiled binaries. Since performance is often a consideration when deploying an IDS solution, you will probably find that building the applications from source yields the best results. If you do not have the time, desire, or need to build from source, the prebuilt packages should work just fine and install without trouble on most systems. Consult the documentation for your Linux distribution or Unix-based operating system for further information regarding source compilation and installation. Snort binaries are also available for the Microsoft Windows platform, and instructions for running Snort on Windows are included.
Links to the applications and their respective web sites are provided throughout and at the end of the chapters. Appendix C also contains a compendium of all software programs and applications referenced. Check all software sites regularly for the latest updates and information regarding their use. Many of the programs are under active development and new versions are posted frequently. Some applications require an update with the release of new Linux versions. Stay current with the most recent release in order to avoid any vulnerabilities or security issues that appear over time.