This document provides a step-by-step guide to building an intrusion detection system using open-source software. The process involves installing Red Hat Linux 7.1; compiling, installing and configuring MySQL, Apache, ACID and Snort; setting up Snort rules; and hardening the machine. The document assumes a basic understanding of Linux and computer technologies.
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching in order to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture.
Site : entropy.ie