2


Chapter 1     Introduction to Intrusion Detection and Snort


(http://www.netscreen.com). The most popular Open Source firewall


is the Netfilter/Iptables (http://www.netfilter.org) based firewall.


  Intrusion detection systems (IDS) that are used to find out if someone


has gotten into or is trying to get into your network. The most popular


IDS is Snort, which is available at http://www.snort.org.


  Vulnerability assessment tools that are used to find and plug security


holes present in your network. Information collected from vulnerability


assessment tools is used to set rules on firewalls so that these security


holes are safeguarded from malicious Internet users. There are many


vulnerability assessment tools including Nmap (http://www.nmap.org)


and Nessus (http://www.nessus.org).


These tools can work together and exchange information with each other. Some


products provide complete systems consisting of all of these products bundled together.


Snort is an open source Network Intrusion Detection System (NIDS) which is


available free of cost. NIDS is the type of Intrusion Detection System (IDS) that is used


for scanning data flowing on the network. There are also host based intrusion detection


systems, which are installed on a particular host and detect attacks targeted to that host


only. Although all intrusion detection methods are still new, Snort is ranked among the


top quality systems available today.


The book starts with an introduction to intrusion detection and related terminology.


You will learn installation and management of Snort as well as other products that work


with Snort. These products include MySQL database (http://www.mysql.org) and Analy 


sis Control for Intrusion Database (ACID) (http://www.cert.org/kb/acid). Snort has the


capability to log data collected (such as alerts and other log messages) to a database.


MySQL is used as the database engine where all of this data is stored. Using Apache


web server (http://www.apache.org) and ACID, you can analyze this data. A combina 


tion of Snort, Apache, MySQL, and ACID makes it possible to log the intrusion detec 


tion data into a database and then view and analyze it later, using a web interface.


This book is organized in such a way that the reader will be able to build a com 


plete intrusion detection system by going through the following chapters in a step by 


step manner. All steps of installing and integrating different tools are explained in the


book as outlined below.


Chapter 2 provides basic information about how to build and install Snort itself.


Using the basic installation and default rules, you will be able to get a working IDS.


You will be able to create log files that show intrusion activity.


Chapter 3 provides information about Snort rules, different parts of Snort rules


and how to write your own rules according to your environment and needs. This chapter








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved