Installation of WinSnort

Introduction

I have been tasked with evaluating the latest WinIDS AIO pack from Winsnort.com to determine whether it would be suitable as the Intrusion Detection System (IDS) on the company network. Within this report I will include the details of the trial deployment, give a recommendation and then evaluate the product.

What is an IDS?

Intrusion, in this case, is where someone or something has entered a computer on a network without invitation in an attempt to compromise it. Without any detection systems in place, it can be too late by the time you notice an intruder. This is where an intrusion detection system comes into play. In Snort 2.0, an IDS is described as a high-tech burglar alarm. An IDS is configured to monitor access points, hostile activities and known intruders. An IDS can work similarly to an anti-virus product, in that it stores signatures of previous or known intruders. The more secure IDSs have huge databases of these signatures and compare the patterns of activity, traffic, or behaviour seen in the logs being monitored against those signatures, to recognise when a close match between a signature and current or recent behaviour occurs.
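
The signature matching described above, as an added example (not part of the original report and not Snort's own code): a simplified Python model of how a rule written in Snort's rule syntax is parsed and compared against packet payloads. The rule, its SID, the addresses and the packets are constructed, and only the protocol, destination port, `content` and `nocase` are modelled.

```python
import re

# Constructed rule in Snort 2.x rule syntax (sid in the local range); not from the page.
RULE = ('alert tcp any any -> any 80 (msg:"Constructed example, cmd.exe in HTTP request"; '
        'content:"cmd.exe"; nocase; sid:1000001; rev:1;)')

# Constructed packets: only proto, destination port and payload are modelled.
PACKETS = [
    {"src": "192.0.2.10", "proto": "tcp", "dport": 80, "payload": b"GET /files/CMD.EXE HTTP/1.0\r\n"},
    {"src": "192.0.2.11", "proto": "tcp", "dport": 80, "payload": b"GET /index.html HTTP/1.0\r\n"},
    {"src": "192.0.2.12", "proto": "tcp", "dport": 8080, "payload": b"GET /files/cmd.exe HTTP/1.0\r\n"},
]

HEADER = re.compile(r'^(\w+)\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$')
OPTION = re.compile(r'(\w+)(?::\s*("[^"]*"|[^;]*))?;')

def parse_rule(text):
    """Split a rule into header fields and an ordered list of (option, value) pairs."""
    m = HEADER.match(text)
    if not m:
        raise ValueError("not a rule: " + text)
    action, proto, dport, body = m.groups()
    opts = [(name, value.strip('"')) for name, value in OPTION.findall(body)]
    return {"action": action, "proto": proto, "dport": dport, "opts": opts}

def matches(rule, packet):
    """True when the packet satisfies the header and every content option."""
    port_ok = rule["dport"] in ("any", str(packet["dport"]))
    if rule["proto"] != packet["proto"] or not port_ok:
        return False
    opts = rule["opts"]
    for i, (name, value) in enumerate(opts):
        if name != "content":
            continue
        # Modifiers such as nocase apply to the content option that precedes them.
        rest = [n for n, _ in opts[i + 1:]]
        mods = rest[:rest.index("content")] if "content" in rest else rest
        needle, haystack = value.encode(), packet["payload"]
        if "nocase" in mods:
            needle, haystack = needle.lower(), haystack.lower()
        if needle not in haystack:
            return False
    return True

def alerts(rule_text, packets):
    """Return (sid, msg, source) for each packet the rule fires on."""
    rule = parse_rule(rule_text)
    opts = dict(rule["opts"])
    return [(opts["sid"], opts["msg"], p["src"]) for p in packets if matches(rule, p)]
```

Calling `alerts(RULE, PACKETS)` fires only on the first packet: the second has no matching content and the third is excluded by the destination port in the rule header.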

When an IDS detects an intruder or potential risk, it can issue an alarm or alert and/or automatically take action.

Deployment

As said in the introduction, there was a specific IDS that we had to deploy and evaluate on certain points, for example: ease of installation, administration, usability, effectiveness as an IDS, and whether additional features were available. Usually Snort is installed on a Linux operating system, but in this case we are going to install it on a Windows operating system.
Because it was installed on Windows Server 2003, the installation was a lot more difficult, as there is not as much documentation for it. There are a number of steps involved when trying to install Snort. Unlike many systems, this IDS has to be installed in separate parts. The main parts include:

- Installing WinPcap
- Installing and Configuring Snort
- Installing Apache Web Server
- Installing and configuring PHP
- Configuring WinIDS to run as service
- Installing and configuring MySQL
- Installing ADODB
- Installing and configuring the WinIDS Security Console
- Creating the WinIDS Security Console Database Tables
- Configuring the Graphing for the WinIDS Console
- Securing the WinIDS Security Console

Within these parts there is a lot of file editing: the main configuration files are opened in WordPad and adapted to our installation.

Documentation

Recommendation

“Snort is, by far, the gold standard among open source NIDS systems, with over 100,000 users and 3 million downloads to date.
Snort signatures are kept up-to-date by its dedicated users and the Snort website has ample documentation including tutorials. It is not, however, easy to use and requires an experienced security IT professional to configure it properly. The fact that it’s free makes it the darling of small and medium-sized businesses that cannot afford the fancy GUIs and wizards of commercial network security products.”
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3684306_1

Evaluation

References