Thursday
Feb262009
Multi Sensor Intrusion Detection System
Thursday, February 26, 2009 at 12:10PM Multi Sensor Intrusion Detection System
Version 2.5
Written by Graham Mead
Click here to read in wide screen!
Abstract
This guide will be a multi sensor snort set up with central logging and an administrative front end. Snort will be implemented in this manner to aid the scalability issue of large networks. The guide is split into these segments:
Server Installation, a mandatory stage that forms the central core of the installation. This stage must be performed first.
- Setting up MySQL
- Allowing MySQL Network Access
- Apache and PHP
- Apache SSL
- Basic Analysis and Security Engine
- BASE database Schema
- Securing BASE with User Login
- Installing Oinkmaster
- Bleeding Edge Rules
- SSH server
Sensor Installation, a mandatory stage that is used to create each Snort sensor
- Setting up SSH
- Installing Snort (from source)
- Installing Snort (Ubuntu binary version)
- Configuring Snort
- Installing Oinkmaster
