Chapter 6. Deploying Snort
Deploying an NIDS presents an administrator with some real challenges (apart from attempting to find a rational explanation for management on the return on investment for a security project). Installing and getting Snort up and running is just the beginning. You need to figure out what you want to watch, how you can watch it, and how to get meaningful information out of your effort.
Many of the obstacles to your NIDS deployment efforts are not technical at all. You might have to convince management that intrusion detection has value on par with the dollars and labor involved. Another, sometimes unforeseen issue is that an organization may have separate departments for network, server, and security administration—and communication between the groups may be poor.
Snort makes meeting these challenges a bit easier. Snort is free and will run on relatively low-cost hardware (it’s unreal how inexpensive memory and disk have become!). The initial installation and configuration of Snort is fairly straightforward, and you can use my experiences and advice in this book (and the available support of the open source community surrounding Snort) to aid in the ongoing maintenance and administration of your IDS installation. While Snort won’t magically get your different departments talking to one another, Snort sits as a passive listener on the network, needing little cooperation with the other departments to get installed and running. Once you call the server guys with ...
Get Managing Security with Snort & IDS Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.