SearchSecurity.com
SnortDB database schema This is a SNORT Database schema diagram in PNG format
02/21/2004
|
|
Snort, MySQL and ACID on Redhat 7.3 The purpose of this guide is to document the installation and configuration of a complete Snort implementation. This guide contains all the necessary information for installing and understanding the architectural layout of the implementation. The information in this guide was written for implementing Snort 1.8 using Redhat 7.3. You may find some discrepancies if you are installing different versions of Snort or using different versions of Redhat.
02/21/2004
|
|
Snort, Apache, PHP, MySQL, ACID on Solaris 9 Installation Guide This manual concerns the installation and configuration of Snort and ACID on Solaris 9. The installation of all necessary components, such as MySQL, SSL, PHP, ADOdb, etc., will be explained too.
02/21/2004
|
|
Snort, Apache, PHP, MySQL, ACID on Redhat 9.0 Installation Guide We will install a minimal number of packages, sufficient for a usable system. After the install we’ll turn off anything that is not needed. It is an ideal dedicated IDS by hardening the OS and further securing the system. It is, however, also a system that can easily be added to for other uses. There are lots of good articles on how to secure a RedHat box on the web. Just go to http://www.google.com and search for “securing redhat”.
By Patrick Harper, 02/21/2004
|
|
Snort's Place in a Windows 2000 Environment The target audience of this document is middle-of-the-road administrators who may be looking for an easy-to-set-up network intrusion detection system that won't put a dent in the IT budget. This document will introduce you to Snort. Snort is an open source, lightweight network intrusion detection system. It makes use of an easy-to-learn rules system to detect and log the signatures of possible attacks. It was originally created for the *nix operating systems and has now been ported over to the Windows family of operating systems as well.
02/21/2004
|
|
Snort Users Manual 2.0.1 Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.
02/21/2004
|
|
Snort Installation and Basic Usage Part Two Part I of this article focused on the installation and basic usage of the snort intrusion detection system (IDS) on the Linux platform, including running snort as a command line sniffer and loading snort with a pre-defined rule set. This article will take a look at some further methods and programs that can be used in conjunction with snort to more reliably detect and fend off intrusions. We will also examine how rules are written to suit special case scenarios.
02/21/2004
|
|
Snort Installation and Basic Usage Part One Computer Intrusions are on the rise. Whether it's script kids trying to deface a web page or a calculated attacker trying to steal credit card information, sites must equip themselves to not only ward off attacks, but know if these attacks are taking place. This is where Intrusion Detection Systems (IDS) come into play. In a nutshell, an IDS is a system that sits on a network and watches for anomalies. A basic IDS watches either all of the traffic or a sampling of the traffic going through the wire. It compares this traffic to a database of fingerprints or signatures of known attacks. If an attack is detected the IDS can take multiple actions depending on the configurable response to the attack. These actions can be anything from paging the administrator to dropping the route of the attacker. More complex IDS's will also recognize anomalies in the patterns of system users.
02/21/2004
|
|
Snort Database Plugin Documentation The Snort NIDS has the ability to log the triggered alerts to several types of databases: MySQL, PostgreSQL, Oracle, SQL Server, and unixODBC-compliant databases. The database logging functionality is implemented in the output plug-in files: spo_database.c and spo_database.h. This documentation covers Snort v1.8 on both Windows and UNIX.
02/21/2004
|
|
Snort - Lightweight Intrusion Detection for Networks Snort fills an important "ecological niche" in the realm of network security: a cross-platform, lightweight network intrusion detection tool that can be deployed to monitor small TCP/IP networks and detect a wide variety of suspicious network traffic as well as outright attacks. It can provide administrators with enough data to make informed decisions on the proper course of action in the face of suspicious activity. Snort can also be deployed rapidly to fill potential holes in a network's security coverage, such as when a new attack emerges and commercial security vendors are slow to release new attack recognition signatures. This paper discusses the background of Snort and its rules-based traffic collection engine, as well as new and different applications where it can be very useful as a part of an integrated network security infrastructure.
By Martin Roesch, 02/21/2004