Author archive: mike

Stealthing the sensors

Keep your IDS sensors safe from attack, while still giving yourself access to their data. Your IDS sensors are the early warning system that can both alert you to an attack and provide needed evidence for investigating a break-in after … Read more

Posted in Knowledge Base, Linux, Networking, Old Base | Leave a comment

Automated Snort rule updating

Keep your Snort rules up-to-date with Oinkmaster. If you have only a handful of IDS sensors, keeping your Snort rules up-to-date is a fairly quick and easy process. However, as the number of sensors grows it can become more difficult. … Read more

Posted in Knowledge Base, Linux, Old Base | Leave a comment

IDS that detects abnormal behaviour automatically

Detect attacks and intrusions by monitoring your network for abnormal traffic, regardless of the actual content. Most NIDS monitor the network for specific signatures of attacks and trigger alerts when one is spotted on the network. Another means of detecting … Read more

Posted in Knowledge Base, Networking, Old Base | Leave a comment

Dynamic firewall with SnortSam

Use SnortSam to prevent intrusions by putting dynamic firewall rules in place to stop in-progress attacks. An alternative to running Snort on your firewall and having it activate filtering rules on the machine it’s running on [Hack #87] is to … Read more

Posted in Knowledge Base, Linux, Networking, Old Base | Leave a comment

Hack 87 Prevent and Contain Intrusions with Snort_inline

Install Snort_inline on your firewall to contain intrusions, or to stop them as they’re happening. Wouldn’t it be nice if your NIDS could not only detect intrusions, but also do something about them? It would be nice if it could … Read more

Posted in Knowledge Base, Networking, Old Base | Leave a comment

Writing Snort rules

Customize Snort for your own needs quickly and easily by leveraging its flexible rule engine and language. One of the best features of Snort is its rule engine and language. Snort’s rule engine provides an extensive language that enables you … Read more

Posted in Knowledge Base, Linux, Networking, Old Base | Leave a comment

Snort sensors

Use SnortCenter’s easy-to-use web interface to manage your NIDS sensors. Managing an IDS sensor and keeping track of the alerts it generates can be a daunting task, and even more so when you’re dealing with multiple sensors. One way to … Read more

Posted in Knowledge Base, Linux, Networking, Old Base | Leave a comment

Realtime monitoring Snort, yet another GUI

Use Sguil’s advanced GUI to monitor and analyze IDS events in a timely manner. One thing that’s crucial when analyzing your IDS events is to be able to correlate all your audit data from various sources, to determine the exact … Read more

Posted in Knowledge Base, Networking, Old Base | Leave a comment

Web frontend to Snort

Use ACID to make sense of your IDS logs. Once you have set up Snort to log information to your database [Hack #82], you may find it hard to cope with all the data that it generates. Very busy … Read more

Posted in Knowledge Base, Old Base, Security | Leave a comment

Detect intrusions with Snort

Use one of the most powerful (and free) network intrusion detection systems available to help you keep an eye on your network. Monitoring your logs can take you only so far in detecting intrusions. If the logs are being generated … Read more

Posted in Knowledge Base, Networking, Old Base, Security | Leave a comment