Intrusion Detection with the Snort IDS

Safety Snort

© pcphotos, Fotolia

© pcphotos, Fotolia

Article from Issue 96/2008
Author(s):

Search out hidden attacks with the Snort intrusion detection system.

R ecently, I implemented an Intrusion Detection System (IDS) for a remotely hosted web farm. After the initial setup, I began testing and configuring to streamline the system. As soon as the system was switched on, I noticed the sort of traffic that shouldn't be internal to a DMZ. The ISP-controlled firewall had been misconfigured to allow almost all traffic.

In the short time the test was running, the IDS logged a large number of port scans and access attempts on the main servers. From these logs, it was obvious that the servers were receiving the wrong sort of attention.

The moral of the story is to keep an eye on your network. Even if you don't have a misconfigured firewall, your systems could benefit from the attention of an IDS. At the most basic level, an IDS captures network traffic. Then it compares the contents of these packets against specific rules to check for known vulnerabilities or malicious code.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • The New Snort

    Get ready for a bigger and better Snort. If you're used to protecting your systems with this trusty intrusion detection tool, you'll appreciate the new features in the latest version.

    more »
  • Snort Helpers

    Snort is the de facto standard for open source network intrusion detection. The developer community has kept a fairly low profile for a couple of years, but extensions like Snorby, OpenFPC, and Pulled Pork have given the old hog a new lease on life.

    more »
  • Sniffing Out Intruders

    Snort lets you protect your network from intruders with a customizable ruleset.

    more »
  • Intrusion Detection

    The Prelude security information management system receives both host- and network-based IDS messages and displays them in an easy web interface. We show you how to set it up.

    more »
  • Security Visualization Tools

    Spot intruders with these easy security visualization tools.

    more »
comments powered by Disqus