1. Network Security Analysis using Snort and ACID
- Network Security Analysis
- Linux User Group Singapore
2. What we will cover:
- Benefits of running Snort + ACID
- Alert flow in a Snort + ACID setup
3. Why Snort and ACID?
- De-facto standard for open source network IDS
- Very well documented combination
- Many HOWTOs available for free on the net
4. Software
- Output processor for Snort (barnyard)
- Web server / web application (ACID)
5. The Snort Architecture
- Detect events of interest on the network (sensor)
- Receive alerts from the sensor (database and console)
6. Snort flow: Receiving IDS Alerts
7. Snort flow: Receiving IDS Alerts (barnyard)
8. Snort flow: Getting Alert Details
9. Demo
- Enough theory, let us get our hands dirty with the pig
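The three "Snort flow" slides describe one pipeline: the Snort sensor writes alerts, an output processor (barnyard's job) moves them off the sensor into the database, and ACID queries that database to list alerts and show the details of one event. The Python below models that pipeline end to end on constructed sample alerts so the flow can be followed without a live sensor. It is an added example, not code from the slides, from Snort, barnyard or ACID. It assumes sqlite3 in place of MySQL and a cut-down version of the Snort database schema (sensor, signature, event, iphdr; the real schema keeps ports in separate tcphdr/udphdr tables, here they are folded into iphdr). The sample lines are in Snort's alert_fast format and are constructed, not real captures; function names are the example's own.

```python
"""Snort + ACID alert flow modelled end to end (added example, not from the slides).

Sensor (alert_fast lines) -> output processor (loads the database, as barnyard does)
-> database -> ACID-style reports and alert-detail lookup by (sensor sid, cid).
"""
import re
import sqlite3

# Constructed sample alerts in Snort's alert_fast format (not real captures).
# The last line is deliberately not an alert: the loader must skip it, not crash.
SAMPLE_ALERTS = [
    "08/10-13:21:36.032131  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] "
    "[Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434",
    "08/10-13:21:37.118472  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] "
    "[Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.6:1434",
    "08/10-13:22:01.004219  [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3381 -> 198.51.100.20:80",
    "08/10-13:22:05.771003  [**] [1:469:3] ICMP PING NMAP [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 198.51.100.20",
    "this line is not an alert and must be skipped",
]

# alert_fast layout: ts [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src -> dst
# ICMP alerts carry no ports, so the port groups are optional.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sig_sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Simplified version of the tables ACID reads (assumed layout, see lead-in).
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT UNIQUE, sig_class TEXT,
    sig_priority INTEGER, sig_gid INTEGER, sig_sid INTEGER, sig_rev INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src TEXT, ip_dst TEXT, ip_proto TEXT,
    sport INTEGER, dport INTEGER, PRIMARY KEY (sid, cid));
"""


def parse_fast_alert(line):
    """Sensor side: one alert_fast line -> dict, or None when the line is not an alert."""
    m = FAST_RE.match(line)
    if not m:
        return None
    a = m.groupdict()
    for k in ("gid", "sig_sid", "rev", "prio"):
        a[k] = int(a[k])
    for k in ("sport", "dport"):          # absent for ICMP
        a[k] = int(a[k]) if a[k] is not None else None
    return a


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def register_sensor(conn, hostname, interface):
    """Each sensor gets a sid; events are numbered per sensor with cid."""
    return conn.execute("INSERT INTO sensor (hostname, interface) VALUES (?, ?)",
                        (hostname, interface)).lastrowid


def spool_alerts(conn, sensor_sid, lines):
    """Output-processor side (barnyard's role): load spooled alerts into the database.
    Continues the sensor's cid counter so (sid, cid) stays unique; returns events stored."""
    cid = conn.execute("SELECT COALESCE(MAX(cid), 0) FROM event WHERE sid = ?", (sensor_sid,)).fetchone()[0]
    stored = 0
    for line in lines:
        a = parse_fast_alert(line)
        if a is None:
            continue                      # junk in the spool must not stop the loader
        conn.execute("INSERT OR IGNORE INTO signature (sig_name, sig_class, sig_priority, sig_gid, sig_sid, sig_rev)"
                     " VALUES (?, ?, ?, ?, ?, ?)", (a["msg"], a["cls"], a["prio"], a["gid"], a["sig_sid"], a["rev"]))
        sig_id = conn.execute("SELECT sig_id FROM signature WHERE sig_name = ?", (a["msg"],)).fetchone()[0]
        cid += 1
        conn.execute("INSERT INTO event VALUES (?, ?, ?, ?)", (sensor_sid, cid, sig_id, a["ts"]))
        conn.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?, ?, ?)",
                     (sensor_sid, cid, a["src"], a["dst"], a["proto"], a["sport"], a["dport"]))
        stored += 1
    conn.commit()
    return stored


def top_signatures(conn, limit=5):
    """ACID 'most frequent alerts' view: [(sig_name, count), ...]."""
    return conn.execute("SELECT s.sig_name, COUNT(*) AS n FROM event e JOIN signature s ON s.sig_id = e.signature"
                        " GROUP BY s.sig_name ORDER BY n DESC, s.sig_name LIMIT ?", (limit,)).fetchall()


def alerts_by_source(conn):
    """ACID 'unique source addresses' view: [(ip_src, count), ...]."""
    return conn.execute("SELECT ip_src, COUNT(*) AS n FROM iphdr GROUP BY ip_src ORDER BY n DESC, ip_src").fetchall()


def alert_details(conn, sensor_sid, cid):
    """ACID alert-detail page for one (sid, cid); None if no such event."""
    row = conn.execute(
        "SELECT s.sig_name, s.sig_priority, n.hostname, i.ip_src, i.sport, i.ip_dst, i.dport, i.ip_proto, e.timestamp"
        " FROM event e JOIN signature s ON s.sig_id = e.signature JOIN sensor n ON n.sid = e.sid"
        " JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid WHERE e.sid = ? AND e.cid = ?", (sensor_sid, cid)).fetchone()
    if row is None:
        return None
    return dict(zip(("signature", "priority", "sensor", "src", "sport", "dst", "dport", "proto", "timestamp"), row))


def demo():
    """Run the whole flow on the constructed sample and return the ACID-style results."""
    db = open_db()
    sid = register_sensor(db, "sensor1", "eth0")
    return {"stored": spool_alerts(db, sid, SAMPLE_ALERTS), "top": top_signatures(db),
            "sources": alerts_by_source(db), "event3": alert_details(db, sid, 3),
            "event4": alert_details(db, sid, 4), "missing": alert_details(db, sid, 99)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The split of roles is the point of slide 7: because the loader is separate from the sensor, a slow or unavailable database delays the reports in ACID but does not stop Snort from detecting and spooling, and the per-sensor cid counter is what lets ACID address one event as (sid, cid) when you click through to its details.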
10. What have we learned?
- Benefits of running Snort + ACID
- Alert flow in a Snort + ACID setup
11. Questions?
- Got any questions? Now is the time to ask them!
12. Suggested reading material
- Snort 2.0 Intrusion Detection; Brian Caswell, Jay Beale, James C. Foster, Jeremy Faircloth; ISBN 1931836744
- Intrusion Detection with Snort; Jack Koziol; ISBN 157870281X
- http://www.snort.org/docs/