Abstract

This chapter demonstrates the installation and configuration of a first-class intrusion detection system (IDS) on both Linux and Windows systems, and discusses tools for managing event logs, including the syslog and Windows event log formats. The most common way to implement an IDS is to have a system monitor and inspect (sniff) all traffic over a given link and compare that traffic against a database of signatures for known undesirable traffic. A host-based IDS (HIDS) inspects the activity on a particular system; a network-based IDS (NIDS) inspects the actual packets flowing across the network. Snort is an excellent, free, signature-based NIDS with several advantages. One is its very large and diverse user base, which means a great deal of help and information on running, configuring, and customizing Snort is available on the Internet; the number of Snort utilities and add-ons is also impressive. Because Snort is signature-based, having current signatures is vital: without up-to-date signature files, intrusion attempts that only newer signatures would catch go unnoticed. Although Snort itself does not include any means to update the signature files automatically, a separate utility called Oinkmaster does. Oinkmaster is a Perl script that downloads the current Snort rules from the Snort Web site and updates the local rule set automatically.
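To make concrete what "comparing traffic against a database of signatures" means for a signature-based NIDS such as Snort, the following is an added example written for this page; it is not code from the chapter or from the Snort project. It parses three constructed Snort-format rules (only the header plus the msg, content and sid options, with plain-string content and simple CIDR and port ranges) and applies them to constructed packet records. Real Snort adds decoding, stream reassembly, hex content, many more options and preprocessors; none of that is modelled here.

```python
"""Minimal Snort-style signature matching (added example, not Snort's code).

Rules and packets below are constructed for illustration. Supported rule
syntax: action, protocol, src/dst address ('any', IP, or CIDR), src/dst
port ('any', N, or lo:hi), and the options msg, content (plain string, all
must match) and sid.
"""
import ipaddress
import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)
# Each option is 'key:value;' or 'key;'; quoted values may contain spaces.
OPT_RE = re.compile(r'(\w+)\s*(?::\s*("[^"]*"|[^;]*))?;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    sid: int = 0
    contents: list = field(default_factory=list)  # byte patterns; all must match


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def parse_rule(text: str) -> Rule:
    """Parse one Snort-format rule line into a Rule (subset of the syntax)."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    rule = Rule(**{k: m.group(k) for k in ("action", "proto", "src", "sport", "dst", "dport")})
    for key, val in OPT_RE.findall(m.group("opts")):
        val = val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append(val.encode())
    return rule


def addr_matches(rule_addr: str, addr: str) -> bool:
    if rule_addr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(rule_addr, strict=False)


def port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "any":
        return True
    if ":" in rule_port:  # Snort range syntax: 'lo:hi', 'lo:' or ':hi'
        lo, hi = rule_port.split(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(rule_port) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not (addr_matches(rule.src, pkt.src) and addr_matches(rule.dst, pkt.dst)):
        return False
    if not (port_matches(rule.sport, pkt.sport) and port_matches(rule.dport, pkt.dport)):
        return False
    return all(c in pkt.payload for c in rule.contents)


def inspect(rules, packets):
    """Return (sid, msg) for every alert rule that fires, in packet order."""
    return [(r.sid, r.msg) for pkt in packets for r in rules
            if r.action == "alert" and rule_matches(r, pkt)]


# Constructed rules (hypothetical SIDs in the local 1000000+ range).
RULES = [
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"WEB-ATTACK /etc/passwd traversal"; content:"/etc/passwd"; sid:1000001;)',
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"Admin path request"; content:"GET"; content:"/admin"; sid:1000002;)',
    'alert udp any any -> any 53 (msg:"Suspicious DNS"; content:"evil"; sid:1000003;)',
]

# Constructed packets: the third goes to a host outside 192.168.1.0/24, so no rule fires.
PACKETS = [
    Packet("tcp", "10.0.0.5", 40000, "192.168.1.10", 80, b"GET /../../etc/passwd HTTP/1.0"),
    Packet("tcp", "10.0.0.5", 40001, "192.168.1.10", 80, b"GET /admin HTTP/1.1"),
    Packet("tcp", "10.0.0.5", 40002, "10.0.0.9", 80, b"GET /etc/passwd HTTP/1.0"),
    Packet("udp", "10.0.0.5", 5353, "8.8.8.8", 53, b"\x00\x01evil.example"),
]


def run_example():
    return inspect([parse_rule(r) for r in RULES], PACKETS)


if __name__ == "__main__":
    for sid, msg in run_example():
        print(f"[1:{sid}] {msg}")
```

The point the abstract makes about stale signatures follows directly from this model: a packet is only ever reported if some loaded rule describes it, so a rule file that lacks the signature for a new attack leaves that attack invisible, which is why keeping the rule set current (with Oinkmaster, in the chapter's setup) matters as much as running the sensor at all.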
