acid
DESCRIPTION
ACID presentation for Linux User Group (Singapore) 2004/4/7
TRANSCRIPT
1. Network Security Analysis using Snort and ACID
- Introduction to Network Security Analysis using Snort and ACID
- Linux User Group Singapore
- Friday 7th May 2004
- By Michael Boman
2. What we will cover:
- Benefits of running Snort + ACID
- Alert flow in a Snort + ACID setup
- Demo of ACID
- Q & A
3. Why Snort and ACID?
- De-facto standard for Open Source Network IDS
- Very well documented combination
  - 3 books published
  - Many HOWTOs available for free on the net
4. Software
- Snort
  - NIDS engine
- Barnyard / Mudpit / FLoP
  - Output processor for Snort
- MySQL / PostgreSQL
  - Alert storage medium
- Apache / ACID
  - Web server / Web application
- Web browser of choice
  - Alert display console
5. The Snort Architecture
- Detect Events of Interest on the network
- Send alerts to server
- Receive alerts from sensor
- Display alerts
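The pipeline on this slide (sensor detects, alerts are stored, console displays) in miniature, as an added example that is not part of the original presentation nor code from Snort or ACID: it parses lines in Snort's alert_fast log format, stores them in a signature/event split modelled loosely on Snort's database output schema (SQLite in memory standing in for MySQL), and then runs the per-signature count an ACID console shows. The sample alert lines, rule IDs and addresses are constructed; the schema is a simplified stand-in, not the real one.

```python
import re
import sqlite3

# Constructed sample lines in Snort's alert_fast output format (not real traffic).
SAMPLE_ALERTS = """\
05/07-14:02:11.123456  [**] [1:1000001:1] LUGS demo web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:43210 -> 192.0.2.20:80
05/07-14:02:12.000001  [**] [1:1000001:1] LUGS demo web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:43211 -> 192.0.2.20:80
05/07-14:02:13.500000  [**] [1:1000002:1] LUGS demo ping sweep [**] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.21"""
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?\[Priority:\s+(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$")

def parse_alert(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = {k: int(v) if k in ("gid", "sid", "rev", "pri") else v for k, v in m.groupdict().items()}
    # ICMP alerts carry no ports; store None rather than rejecting the line.
    d["sport"] = int(d["sport"]) if d["sport"] else None
    d["dport"] = int(d["dport"]) if d["dport"] else None
    return d

def load_alerts(text, conn):
    """Store alerts in a signature/event split in the spirit of Snort's DB schema."""
    conn.executescript(
        "CREATE TABLE IF NOT EXISTS signature(sig_id INTEGER PRIMARY KEY, gid, sid, rev,"
        " msg, cls, pri, UNIQUE(gid, sid, rev));"
        "CREATE TABLE IF NOT EXISTS event(ts, sig_id, proto, src, sport, dst, dport);")
    alerts = [a for a in map(parse_alert, text.splitlines()) if a]
    for a in alerts:
        conn.execute("INSERT OR IGNORE INTO signature(gid, sid, rev, msg, cls, pri) VALUES (?,?,?,?,?,?)",
                     (a["gid"], a["sid"], a["rev"], a["msg"], a["cls"], a["pri"]))
        sig_id = conn.execute("SELECT sig_id FROM signature WHERE gid=? AND sid=? AND rev=?",
                              (a["gid"], a["sid"], a["rev"])).fetchone()[0]
        conn.execute("INSERT INTO event VALUES (?,?,?,?,?,?,?)",
                     (a["ts"], sig_id, a["proto"], a["src"], a["sport"], a["dst"], a["dport"]))
    conn.commit()
    return len(alerts)

def alerts_by_signature(conn):
    # Console-style summary (what ACID shows): alert count per signature, busiest first.
    return conn.execute("SELECT s.msg, COUNT(*) FROM event e JOIN signature s USING (sig_id)"
                        " GROUP BY s.sig_id ORDER BY 2 DESC, s.msg").fetchall()

def summarise(text=SAMPLE_ALERTS):
    conn = sqlite3.connect(":memory:")  # in-memory stand-in for the MySQL alert store
    return load_alerts(text, conn), alerts_by_signature(conn)
```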
6. Snort flow : Receiving IDS Alerts
7. Snort flow : Receiving IDS Alerts (barnyard)
8. Snort flow : Getting Alert Details
9. Demo
- Enough theory, let us get our hands dirty with the pig
10. What have we learned?
- Benefits of running Snort + ACID
- Alert flow in a Snort + ACID setup
11. Questions?
- Got any questions? Now is the time to ask them!
12. Suggested reading material
- Snort 2.0 Intrusion Detection
  - Brian Caswell, Jay Beale, James C. Foster, Jeremy Faircloth; ISBN: 1931836744
- Intrusion Detection with Snort
  - Jack Koziol; ISBN: 157870281X
- http://www.snort.org/docs/