

UUASC Snort/Acid Presentation - Before We Begin


Slide 11


Note:
Operating System: OpenBSD is most secure, FreeBSD (IMHO) combines security and ease, Linux and Solaris would be fine.
Recommend using stealth capturing on an interface without an IP address.
You will need to turn "port spanning" on, or the equivalent, on your switch.
Cisco: (S)witched (P)ort (An)alyzer
Downsides:
  not all switches support spanning
  additional load on the switch
  drops packets if there is too much traffic on a single port
Fairly bulky machine
Be ready to spend some time, each day, going through results. Also be prepared to take the time for the first few weeks getting rid of false positives.
Created on Wednesday 30 June 2004 by Nicholas Bernstein with KPresenter