?
Solved

Snort Based IDS Config

Posted on 2014-01-20
1
Medium Priority
?
408 Views
Last Modified: 2014-01-21
I'm looking for tutorial to teach step-by-step, how to configure a snort based NIDS. A video would most helpful but any book will do as well.
0
Comment
Question by:SydNal2009
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 39796827
Better means is to get hand dirty and hopefully it get some kickstart. I believe the other experienced experts in snort can share more tips and experience too...the tough part is not the setup or installation but to really get it fit for your deployment needs and environment right at first will not be a bed of roses....Security onion is definitely a good start to learn it

snort official
(know it as fundamental though hardest to ingest at first. but it is reference not to neglect and fallback) http://www.snort.org/docs
(join in the community as learning curve to shorten - ask question. there is webcast to help bridge knowledge and know how sharing)
http://www.snort.org/community
http://www.snort.org/community/snort-webcast-series/

Tutorial  (rather old but still stands)
http://openmaniak.com/snort_tutorial_snort.php
http://www.thegeekstuff.com/2010/08/snort-tutorial/

On Security Onion
(the screenshot walkthrough is useful)
http://ptcoresec.eu/2013/02/14/tutorial-how-to-install-and-use-security-onion-pt-1/

Videos
(Irongeek.com has a ton of videos and security how to)
http://www.irongeek.com/i.php?page=videos/basic-setup-of-security-onion-snort-snorby-barnyard-pulledpork-daemonlogger
(This is quick snapshot but good to give you a flavour)
http://searchsecurity.techtarget.com/video/Security-Onion-tutorial-Analyze-network-traffic-using-Security-Onion
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question