Snort for WinXP Installation Non-Enterprise Network This setup procedure basically follows the instructions on Winsnort.com under Winsnort with Snortsnarf. As we all know all instruction is not complete and always leaves something out and what I have tried here is to clarify and expand on the setup. My goal is to make a simple to follow instruction by outlining each step until the setup is completed. Also, I made some changes in the configuration and added in other components (freesmtp and oinkmaster) to assist the administrator in operating the Winsnort.
By Allen K. Yim, 11/15/2004
|
|
Snort, Apache, SSL, PHP, MySQL and Acid Install on Fedora Core 1 From RPM This document originated when a friend of mine asked me to put together this procedure for him so that he could install Snort and Acid. It is pretty basic and is for the Linux newbie, as well as the Snort newbie. This is not an ultra-secure end-all to Snort IDS deployment guide; this is a “How in the hell do I get this installed and working” guide. This document will walk you through installing a stand-alone RedHat/Fedora system (this is not for a dual boot system).
By Patrick Harper, 07/07/2004
|
|
Building and Maintaining a NIDS Cluster Using FreeBSD and Snort What I am going to show you here is how to build a NIDS cluster with central logging and maintenance facilities. Hopefully this will help you take more control over your environment so you actually know what is happening on your network, and by knowing that you can take appropriate countermeasures to remove the threat. This can include everything from automatically tearing down the TCP connection to reconfiguring the firewall(s) to block the offending packets from entering your network in the first place.
By Michael Boman, 04/27/2004
|
|
A Tool for Running Snort in Dynamic IP Address Assignment Environment The purpose of this paper is to detail the creation of a small tool program which aids the operation of the Snort IDS in a dynamically assigned IP address environment. The configuration file of Snort (snort.conf) specifies IP numbers for the monitored network and servers. For the non-permanent IP address subscriber sites, which is the case for most ADSL users, these parameters need to be updated every time the data link connection resets and a new address is assigned.
By Shin Ishikawa, 04/27/2004
|
|
Securing an Unpatchable Webserver... HogWash! During a routine examination of a client's network we discovered a vulnerability on a Microsoft IIS 3 web server. After brief investigation, we discovered that this web server runs a mission-critical web application: it is the client's primary means of doing business and must be protected at all cost. The real problem is that this application is tightly bound to certain features of Microsoft's IIS 3 web server. We searched for a patch, but there were none. Microsoft's solution was to upgrade the server to a more recent version. We attempted to upgrade the server to IIS 4, but the result was disaster. A total rewrite of the web application using better technology is underway, but will not be complete for a long time. In the meantime the server needs to remain available and unhacked. What is the security professional to do?
By Jed Haile and Jason Larsen, 04/22/2004
|
|
A Practical Guide to Running SNORT on Red Hat Linux 7.2 and Management Using IDS Policy Manager MySQL In the brief time that I have been on this planet the state of computing has changed drastically. The high-powered computers and blink of the eye internet connectivity once reserved for universities and major corporations have now become a staple in small businesses around the United States and the world. As more and more of these small businesses get connected to the global network we call the internet, we must focus our attention on securing these systems. It used to be that hacking systems such as these could only be done by highly skilled programmers and network gurus. This has also changed with the birth of “script kiddies”, who are hackers who use programs and scripts that are freely available and easy to use to attack such systems. Firewalls and virus protection software add layers of security but in most cases this is not enough.
04/15/2004
|
|
Using Snort For a Distributed Intrusion Detection System Intrusion detection has become an extremely important feature of the defense-in-depth strategy. The thought used to be that if you had a firewall protecting your network you were secure. This is no longer the case. A firewall is an essential and important part of network security but it does not have the ability to detect hostile intent. Unlike a firewall, an intrusion detection system has the ability to evaluate solitary packets and generate an alarm if it detects a packet with hostile potential. This document will provide an option for setting up a distributed network intrusion detection system using open source tools including the intrusion detection software Snort. Through the use of open source tools and spare hardware an intrusion detection system can be set up with minimal financial burden.
By Michael P. Brenman, 04/15/2004
|
|
Using Snort v1.8 with SnortSnarf on a RedHat Linux System To effectively implement system and network security, a multi-pronged approach should be used. Proper security policies, firewalls, proxy servers, properly complex passwords and intrusion detection systems layered together help form one of the bedrock principles called Defense in Depth. The purpose of defense in depth is preventing inherent and unknown flaws in the technologies deployed from allowing unauthorized access into a system or server. If one layer fails there is another to protect the failed layer. The intrusion detection system's (IDS) job is to log attempts of unauthorized network access into the systems.
04/15/2004
|
|
Snort Install on Win2000/XP with Acid, and MySQL The purpose of this paper is to detail using Snort as a Network Intrusion Detection System. Unfortunately Snort is not just a simple executable file that one could click next all the way through. There are many different applications that need to be installed to make Snort run. This paper is designed with as much detail as possible to help newbies easily install and configure Snort 1.8.6 on Windows 2000/XP. Many Snort installation instructions are very arcane, they leave out important details, and do not explain exactly why certain things are being installed or configured a specific way. This document is intended for people with little technical experience. They will be able to successfully install Snort with little difficulty and understand the different steps along the way. These procedures are quite long and meticulous, but people with little or no Snort expertise have successfully tested them.
04/15/2004
|
|
Securing a Windows Snort Sensor for Hostile Environments Snort is an open-source Network Intrusion Detection System (NIDS). Originally written for UNIX, it has since been ported to the Windows platform. While Snort undoubtedly runs faster and with less packet loss on a UNIX host, many organizations lack the requisite skill sets to deploy and maintain a UNIX host within their environment. For these organizations, Snort on Windows 2000 provides a low-cost, high-quality NIDS. Deploying Snort on Windows can be a convoluted process. Michael Steele of Silicon Defense has simplified the installation with his excellent paper, Snort Installation Manual Snort, MySQL, Acid & IIS Windows NT4 Server, 2000, & XP (All Versions)1. His paper lays out a step-by-step procedure for the complicated build process. But it does not address the security of the Snort sensor. Indeed, a sensor built solely to his specifications will not survive on any but the most trusted of network segments.
04/15/2004