Home page logo
/

basics logo Security Basics mailing list archives

Antwort: Setting up an IDS system
From: Marko.Muncan () arxes de
Date: Wed, 5 Feb 2003 10:42:39 +0100


Just take this Link here: http://www.entropy.ie/research/snort4-latest.pdf

They have a nice explanation of how to setup an IDS system using Snort and
ACID on Linux. They are using Redhat for example but i built it on my
Mandrake 8.1.

Example here: http://JAMy.homelinux.org/
or directly: http://JAMy.homelinux.org/acid/acid_main.php

If you have any questions directly to this, just email me.



Mit freundlichen Grüßen
Marko Muncan
__________________________________________
arxes Network Communication Consulting AG

Schanzenstraße 36
Gebäude 197
D-51063 Köln

Telefon:  +49 (0) 221 96486 - 268
Telefax:  +49 (0) 221 96486 -
WEB:      http://www.arxes.de
MailTo:   Marko.Muncan () arxes de


                                                                                                                   
                    "Naman Latif"                                                                                  
                    <naman.latif () i       An:     <security-basics () securityfocus com>                              
 
                    named.com>           Kopie:                                                                    
                                         Thema:  Setting up an IDS system                                          
                    31.01.2003                                                                                     
                    18:34                                                                                          
                                                                                                                   
                                                                                                                   





Hi,
I am in the process of setting up and IDS system using Linux\Snort in
DMZ. A couple of questions regarding this

1. Is it a safe practice to have access to this system from Inside
Network (for retrieving log files etc) from 1-2 Stations ? Ofcourse IDS
won't have access to inside network and be blocked by Firewall.

2. What kind of services should be running on IDS Station ? Should all
Web\FTp etc services be stopped ?

3. How important it is to also have an IDS system monitoring the traffic
on your Inside Network ? I believe it won't be a good idea to have the
SAME DMZ IDS system with another NIC monitoring Inside Network Traffic ?

Any other suggestions OR any Links that I can refer to ?

Regards \\ Naman






  By Date           By Thread  

Current thread:
  • Antwort: Setting up an IDS system Marko . Muncan (Feb 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault