Snort® Installation, Configuration and
Basic Usage
Ed Mendez
Director, Instructional Design & Development
2
Overview:
Planning a deployment
Preparing the installation platform
Software requirements
Performing the installation
Basic Snort operations
Tuning strategies
Q&A
3
Planning A Deployment
Inline vs. Passive
•
How will your sensor fit into your existing
architecture?
•
Switch span ports
•
Taps
•
Visibility to the assets you wish to protect
Stand-alone sensors vs. distributed
architectures
•
Visibility between the devices you need to
communicate with
•
Access controls
4
Preparing The Installation Platform
Hardware Considerations
•
Memory vs. CPU
•
Interfaces
•
Inline
•
Passive
•
Other hardware considerations
•
Disks
•
Motherboard bus architecture
OS choice & preparation
•
Harden the platform
5
Software Requirements
Software
•
Install from source or …
•
Install from pre-built binary package (RPM, Debian,
etc.)
•
For packages, use a package management tool like
Yum or apt-get
Database, Web Server & PHP
•
The most popular choices are MySQL and Apache
•
Include the mysql, mysql-devel and mysql-server
packages for your installation
•
For PHP, also include the php, php-gd, php-mysql,
php-devel & php-pear packages
6
Software Requirements
Snort requisite software:
•
Snort engine – preferably, the most current release
•
Snort rules – register or subscribe
•
Libpcap
•
PCRE
•
Libnet-1.0.2.a
•
Unified output processing tool (Barnyard)
Other tools:
•
BASE
•
ADODB
7
You've reached the end of your free preview.
Want to read all 23 pages?
- Spring '16
- Dea
- Information Security, configuration file, snort, Configuration files, INI file, basic snort operations
