Intrusion Detection with Snort on Red Hat Enterprise Linux 5
Jun 21, 2007, 04:30 (0 Talkback[s])
(Other stories by James Turnbull)
[ Thanks to E.
Stride for this link. ]
"Intrusion detection and intrusion prevention systems (IDS and
IPS, respectively) provide the ability to inspect and analyze
network traffic and either generate alerts or drop traffic in the
event that an attack or a malicious event is detected. They are two
of a number of controls, such as firewalls, designed to protect
your network from a variety of attacks. Both IDS and IPS are
commonly deployed in organization's perimeters to protect
externally-facing assets, like Internet-facing Web services. They
can also be deployed internally to ward off attacks or virus
outbreaks. For example, an IPS sensor that can be configured to
stop the spread of a virus or worm may be located in-line on an
internal network choke point.
"We're going to demonstrate how to quickly install and run the
open source IDS sensor Snort on Red Hat Enterprise Linux 5 (RHEL
5). The instructions below will also generally work for RHEL 4,
CentOS 4 and 5, as well as Fedora Core 5 and 6..."