| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Running Snort on IIS Web Servers Part 1: Advanced Techniques It's this simplicity that makes Snort so popular. It is simple and yet it has enough power to protect a good-sized network. It does not try to be everything - it does one job and it does it efficiently. It watches network traffic, looking for rule-based intrusion signatures, alerting and logging when a match is made. There is no GUI, no reporting engine, and no pop-up help file, just a simple command-line utility that sniffs traffic and keeps on sniffing until you tell it to stop. Although there are those who would consider this a weakness, it is exactly what makes it so versatile and so powerful.
02/21/2004
|
|
Installing Freebsd, Mysql, and Snort Tutorial This document will help a user install FreeBS D 4.7 Release, Snort 1.9.0, MySQL 3.23.53, and ACID-0.9.6b21. It will also guide the user through the process of securing the machine and getting the snort sensor(s) to log to a central database over stunnel. The intention is to give users that are new to any of the software the opportunity to build an enterprise-class system based completely on free, open-source tools.
02/21/2004
|
|
Current SNORT User Manual Snort really isn’t very hard to use, but there are a lot of command line options to play with, and it’s not always obvious which ones go together well. This file aims to make using Snort easier for new users. Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.
By The Snort Project, 02/21/2004
|
|
Running Snort on IIS Web Servers Part 2: Advanced Techniques Snort, a public domain intrusion detection system, monitors traffic by analyzing every packet on a network, looking for malevolent content. It does this by putting the network adaptor in promiscuous mode so that it can see all network traffic on the wire, a process referred to as packet sniffing. Snort is a rule-based IDS, which means that it applies a set of rules to each packet based on known attack signatures. When it detects an attack signature, it performs the action designated in the rule.
02/21/2004
|
|
Page: 123 4 |
