Configuring IPCop Firewalls by James Eaton-Lee, Barrie Dempster

What to Do Next?

Once you have identified that an incident has occurred, it is important to act on it quickly. Snort itself provides nothing more than a few ideas on looking further at a specific event; it is the administrator's responsibility to decide how to handle it.

In a smaller network a formalized incident response plan isn't always necessary, but having an idea of what to do when subjected to a specific attack does help in maintaining system security. Good examples of attacks to plan for are port scans, denial of service, and exploitation attempts. We can then decide on things like:

  • Do we want to report these?
  • Do we want to analyze other protection systems if they occur?
  • Do we have to notify someone?

Answering a few basic ...
