Pantek Library

Re: Setting up an IDS system

From: <Marko.Muncan(at)arxes.de>
Date: Wed Feb 05 2003 - 04:42:39 EST

Just take this link here: http://www.entropy.ie/research/snort4-latest.pdf

They have a nice explanation of how to set up an IDS system using Snort and ACID on Linux. They are using Red Hat as an example, but I built it on my Mandrake 8.1.

Example here: http://JAMy.homelinux.org/ or directly: http://JAMy.homelinux.org/acid/acid_main.php

If you have any questions directly about this, just email me.

Kind regards
Marko Muncan



arxes Network Communication Consulting AG

Schanzenstraße 36
Gebäude 197
D-51063 Köln

Phone: +49 (0) 221 96486 - 268
Fax: +49 (0) 221 96486 -
WEB: http://www.arxes.de
MailTo: Marko.Muncan@arxes.de

                                                                                                                   
                    "Naman Latif"                                                                                  
                                                   
                    named.com>           Kopie:                                                                    
                                         Thema:  Setting up an IDS system                                          
                    31.01.2003                                                                                     
                    18:34                                                                                          
                                                                                                                   
                                                                                                                   
Do you need help?X

Hi,
I am in the process of setting up an IDS system using Linux\Snort in a DMZ. A couple of questions regarding this:

  1. Is it a safe practice to have access to this system from the Inside Network (for retrieving log files etc.) from 1-2 stations? Of course the IDS won't have access to the inside network and will be blocked by the firewall.
  2. What kind of services should be running on the IDS station? Should all Web\FTP etc. services be stopped?
  3. How important is it to also have an IDS system monitoring the traffic on your Inside Network? I believe it won't be a good idea to have the SAME DMZ IDS system with another NIC monitoring Inside Network traffic?

Any other suggestions OR any links that I can refer to?

Regards \\ Naman

Received on Wed Feb 5 15:01:18 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:45 EDT

