Reply: Setting up an IDS system
From: Marko.Muncan () arxes de
Date: Wed, 5 Feb 2003 10:42:39 +0100
Just take this link here: http://www.entropy.ie/research/snort4-latest.pdf
They have a nice explanation of how to set up an IDS system using Snort and
ACID on Linux. They are using Red Hat for example, but I built it on my
Example here: http://JAMy.homelinux.org/
or directly: http://JAMy.homelinux.org/acid/acid_main.php
If you have any questions directly to this, just email me.
Kind regards
arxes Network Communication Consulting AG
Phone: +49 (0) 221 96486 - 268
Fax: +49 (0) 221 96486 -
MailTo: Marko.Muncan () arxes de
<naman.latif () i To: <security-basics () securityfocus com>
Subject: Setting up an IDS system
I am in the process of setting up an IDS system using Linux\Snort in
DMZ. A couple of questions regarding this:
1. Is it a safe practice to have access to this system from Inside
Network (for retrieving log files etc) from 1-2 Stations? Of course IDS
won't have access to inside network and be blocked by Firewall.
2. What kind of services should be running on IDS Station? Should all
Web\FTP etc services be stopped?
3. How important is it to also have an IDS system monitoring the traffic
on your Inside Network? I believe it won't be a good idea to have the
SAME DMZ IDS system with another NIC monitoring Inside Network Traffic?
Any other suggestions OR any links that I can refer to?
Regards \\ Naman