Snort

From wiki-ben

Snort is an IDS that performs real-time analysis of incoming traffic. It can be configured to monitor either a whole network or a single host. A recommended configuration follows this tutorial: https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf

The tutorial also covers the setup of Barnyard and other supporting components.

The community rules alone do not cover all aspects of intrusion detection, so using the Emerging Threats rulesets as well is recommended. They can be found here:

https://rules.emergingthreats.net/open/snort-2.9.0/rules/
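When a second ruleset such as Emerging Threats is added next to the community rules, two practical questions come up: what each file actually covers, and whether the files collide on rule IDs. The script below is an added example (not part of this wiki page, the Snort project, or the Emerging Threats rules): it parses Snort 2.9 rule lines, counts enabled rules per classtype so the two sets can be compared, flags sids that appear in both, and emits the `include $RULE_PATH/...` lines that register extra rule files in snort.conf. The rule text is constructed for the example and uses local-range sids (1000000 and above), not real Community or ET sids.

```python
"""Inventory Snort 2.9 rule files and emit snort.conf include lines.

Added example, not from the wiki page or the Snort project. Parses the rule
header and the options most useful for triage (msg, sid, rev, classtype).
The sample rules below are constructed; their sids are in the local range
(>= 1000000) and are not real Community or Emerging Threats sids.
"""
import re
from collections import Counter

# One Snort rule: optional leading '#' (disabled), header, then "(options)".
RULE_RE = re.compile(
    r"^(?P<disabled>#\s*)?"
    r"(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)


def parse_options(opts):
    """Split the option string on ';' outside double quotes; return key -> value."""
    parsed = {}
    # A ';' is a separator only if an even number of quotes follows it.
    for item in re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', opts):
        item = item.strip()
        if not item:
            continue
        key, _, value = item.partition(":")
        parsed[key.strip()] = value.strip().strip('"')
    return parsed


def parse_rule(line):
    """Return a dict describing one rule line, or None if it is not a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    opts = parse_options(m.group("opts"))
    return {
        "enabled": m.group("disabled") is None,
        "action": m.group("action"),
        "proto": m.group("proto"),
        "src": m.group("src"), "sport": m.group("sport"),
        "dst": m.group("dst"), "dport": m.group("dport"),
        "msg": opts.get("msg", ""),
        "sid": int(opts["sid"]) if "sid" in opts else None,
        "rev": int(opts.get("rev", "0")),
        "classtype": opts.get("classtype", "unclassified"),
    }


def load_rules(text):
    """Parse every rule in a rule file's text; plain comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is not None:
            rules.append(rule)
    return rules


def coverage(rules):
    """Enabled rules per classtype, so two rulesets can be compared side by side."""
    return Counter(r["classtype"] for r in rules if r["enabled"])


def duplicate_sids(*rulesets):
    """sids present in more than one ruleset; Snort keys rules by sid, so resolve these."""
    seen = Counter(r["sid"] for rs in rulesets for r in rs if r["sid"] is not None)
    return sorted(sid for sid, count in seen.items() if count > 1)


def include_lines(rule_files, rule_path="$RULE_PATH"):
    """snort.conf lines that register additional rule files under RULE_PATH."""
    return [f"include {rule_path}/{name}" for name in rule_files]


# Constructed sample rulesets (not real Community or ET rules).
COMMUNITY_RULES = """\
# community.rules (constructed sample)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SSH login attempt"; flow:to_server,established; classtype:attempted-admin; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SAMPLE WEB traversal ../"; flow:to_server,established; content:"../"; http_uri; classtype:web-application-attack; sid:1000002; rev:2;)
"""

ET_RULES = """\
# emerging-malware.rules (constructed sample)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SAMPLE MALWARE suspicious User-Agent"; flow:to_server,established; content:"User-Agent|3a 20|SampleBot"; http_header; classtype:trojan-activity; sid:1000003; rev:1;)
# alert udp $HOME_NET any -> any 53 (msg:"SAMPLE DNS query to sinkhole; disabled"; content:"|03|www|08|sinkhole|03|example|00|"; classtype:bad-unknown; sid:1000004; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SSH scan"; flow:to_server; flags:S; classtype:attempted-recon; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    community = load_rules(COMMUNITY_RULES)
    et = load_rules(ET_RULES)
    print("community coverage:", dict(coverage(community)))
    print("ET coverage:       ", dict(coverage(et)))
    print("sids in both sets: ", duplicate_sids(community, et))
    for line in include_lines(["community.rules", "emerging-malware.rules"]):
        print(line)
```

Run it as-is to see the inventory of the two constructed files; point `load_rules` at the contents of real `community.rules` and `emerging-*.rules` files to inventory a live deployment. The `$HOME_NET` and `$EXTERNAL_NET` variables in the headers are what distinguish the single-host and network deployments mentioned above: a single host sets `HOME_NET` to its own address, a sensor sets it to the monitored ranges.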

Notes

Sources

https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf
https://rules.emergingthreats.net/open/snort-2.9.0/rules/