Using the 'snort' Intrusion Detection System
Snort is the leading open source Network Intrusion Detection System and is a valuable addition to the security framework at any site. Even if you are employing lots of preventative measures, such as firewalling, patching, etc., a detection system can give you an assurance that your defences truly are effective, or if not, will give you valuable information about what you need to improve.
Fortunately, there is a good set of snort packages for Debian which takes a lot of the tedious work out of building a useful Network Intrusion Detection System. Before we start on installation, we should review a few details about the networking stack that you're going to need to make sense of the alerts snort will generate. Impatient readers and those who are familiar with the TCP/IP suite of protocols may now skip to the bit that says Stand alone snort.