How to run IDS Snort on Red Hat Enterprise Linux 5

Intrusion detection and intrusion prevention systems (IDS and IPS, respectively) provide the ability to inspect and analyze network traffic and either generate alerts or drop traffic in the event that an attack or a malicious event is detected. They are two of a number of controls, such as firewalls, designed to protect your network from a variety of attacks. Both IDS and IPS are commonly deployed in organization's perimeters to protect externally-facing assets, like Internet-facing Web services. They can also be deployed internally to ward off attacks or virus outbreaks. For example, an IPS sensor that can be configured to stop the spread of a virus or worm may be located in-line on an internal network choke point.

We're going to demonstrate how to quickly install and run the open source IDS sensor Snort on Red ...

Digg This!     StumbleUpon     Del.icio.us

VIEW ALL IN THIS CATEGORY

RELATED CONTENT Snort The power of Snort 3.0 When Snort is not enough Justifying Snort Network session data analysis with Snort and Argus How to use shared object rules in Snort Why is the Snort IDS still alive and thriving? How can the operator test Snort? How can I learn more about Snort? Snort limitations Top five Snort tips Open Source Security Tools Using SnortSP and Snort 2.8.2 OSSEC Host-Based Intrusion Detection Guide How to find new features in Snort 2.8.2 How to use shared object rules in Snort Snort frequently asked questions How to test Snort Working with Snort's unified output Output options for Snort data Snort IDS installation basics and tips for security resellers Snort IDS upgrade and tips on the Snort.conf file Open Source Security Software Network session data analysis with Snort and Argus How to use shared object rules in Snort Why is the Snort IDS still alive and thriving? Is Snort right for the IDS needs of all clients? What is the difference between Snort and Bro? How can the operator test Snort? What does the future hold for Snort? What extra functionality do Snort add-ons provide? Does Snort support target-based intrusion detection? Will deploying Snort detect malicious events quickly?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Hat Enterprise Linux 5 (RHEL 5). The instructions below will also generally work for RHEL 4, CentOS 4 and 5, as well as Fedora Core 5 and 6.

For many environments, especially in the small-medium business market but also in many larger corporate and government clients, Snort remains the ubiquitous IDS tool. It is fast and easy to set up and runs on most commercially available hardware, including platforms from IBM, HP, Sun and commodity PC hardware. It is a signature-based, (which Snort calls "rules") IDS engine that is easy to deploy and easy to tune. Rules are open and can be readily edited, and writing and adding your own rules requires only a little learning. Snort is also capable of outputting data in a variety of formats: binary (called "Unified"), syslog, to a file and to a SQL database (one of Oracle, PostgreSQL, MySQL or Microsoft SQL Server). Many users commonly output data to a SQL database.

About the author
James Turnbull works for the National Australia Bank as a Security Architect. He is also the author of Hardening Linux, which focuses on hardening Linux hosts including the base operating system, file systems, firewalling, connections, logging, testing your security and securing a number of common applications including e-mail, FTP and DNS. He is an experienced infrastructure architect with a background in Linux/Unix, AS/400, Windows, and storage systems. He has been involved in security consulting, infrastructure security design, SLA and service definition and has an abiding interest in security metrics and measurement.