The Keep Within the Castle Walls - An Experiment in Home Network Intrusion Detection
- Abstract
- There are a number of security measures that can be implemented to protect a network. One of the key components that will assist in determining whether a system is being attacked is a network-based intrusion detection system (NIDS). A wonderful and free NIDS is snort. The GSEC course discusses how to set up snort on a Windows-based system. I will discuss how to set up snort 1.9.1 - the latest version - on a virtual Linux machine. First, the "before" scenario will describe the situation before this security improvement is enacted. Second, I will assess the risk, discuss why someone should consider network intrusion detection, talk about snort, VMware, and Linux, and investigate configuration options. I'll conclude with some implementation notes, enhancements and the "after" scenario. The appendices provide brief installation instructions and resources for further information.