First Previous Next Last         Home

UUASC Snort/Acid Presentation - Prerequisites

Slide 12

Note blockquote> A NIDS is a pretty useful thing to have, but before you even get to this point, you should have done all of the normal system and network hardening basics. If you have not done them, a NIDS should be way down the list. You should already have a pach management system in place, you should have disabled any and all unnecessary services, you should have used local firewalling to make sure that each host can only allow traffic to and from certain hosts on certain ports. You should have your network firewall setup. You should have a network monitoring system, like nagios, or serversalive. You should have set up a central syslog server, and check those logs regularly, you should have daily emails delivered w/ log summaries using logwatch, or similar software, you should have portsentry, or portscand, and tripwire, or samhain, etc . etc. etc.
Created on Wednesday 30 June 2004 by Nicholas Bernstein with KPresenter