Intrusion Detection with Snort by Jack Koziol

Deciding What to Monitor

After putting together an IDS policy centered on what activity is deemed unauthorized, you need to put it to practical use. The outcome of the policy should be a high-level overview of the intrusion detection capability you will strive to achieve for the organization. After this process is finished, you should apply the policy to the portions of your network infrastructure you are going to monitor. At a more granular level, you will need to decide which services to monitor and which specific attack signatures to look for. We will get into this level of detail when you tune Snort in Chapter 10.

The ideal situation is to monitor everything. Every network device would be covered under Snort's watchful ...
