Snort® Installation, Configuration and Basic Usage
Ed Mendez
Director, Instructional Design & Development

Overview:
• Planning a deployment
• Preparing the installation platform
• Software requirements
• Performing the installation
• Basic Snort operations
• Tuning strategies
• Q&A

Planning A Deployment
Inline vs. Passive
• How will your sensor fit into your existing architecture?
• Switch span ports
• Taps
• Visibility to the assets you wish to protect
Stand-alone sensors vs. distributed architectures
• Visibility between the devices you need to communicate with
• Access controls

Preparing The Installation Platform
Hardware Considerations
• Memory vs. CPU
• Interfaces
    • Inline
    • Passive
• Other hardware considerations
    • Disks
    • Motherboard bus architecture
OS choice & preparation
• Harden the platform

Software Requirements
Software
• Install from source or …
• Install from pre-built binary package (RPM, Debian, etc.)
• For packages, use a package management tool like Yum or apt-get
Database, Web Server & PHP
• The most popular choices are MySQL and Apache
• Include the mysql, mysql-devel and mysql-server packages for your installation
• For PHP, also include the php, php-gd, php-mysql, php-devel & php-pear packages

Software Requirements
Snort requisite software:
• Snort engine – preferably, the most current release
• Snort rules – register or subscribe
• Libpcap
• PCRE
• Libnet-1.0.2.a
• Unified output processing tool (Barnyard)
Other tools:
• BASE
• ADODB