Securing a Windows Snort Sensor for Hostile Environments

- Abstract
- Snort is an open-source Network Intrusion Detection System (NIDS). Originally written for UNIX, it has since been ported to the Windows platform. While Snort undoubtedly runs faster and with less packet loss on a UNIX host, many organizations lack the requisite skill sets to deploy and maintain a UNIX host within their environment. For these organizations, Snort on Windows 2000 provides a low-cost, high-quality NIDS. Deploying Snort on Windows can be a convoluted process. Michael Steele of Silicon Defense has simplified the installation with his excellent paper, "Snort Installation Manual - Snort, MySQL, Acid & IIS - Windows NT4 Server, 2000, & XP (All Versions)" [1]. His paper lays out a step-by-step procedure for the complicated build process, but it does not address the security of the Snort sensor. Indeed, a sensor built solely to his specifications will not survive on any but the most trusted of network segments. This white paper documents how to secure a Windows Snort sensor for deployment into extremely hostile environments.