Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Whilst googling how to make my network connections more secure, I came across "snort", which looks like an interesting tool. Particularly, I would like to be able to detect whether other people are trying / have broken into my wireless networking.
However, I am very much a beginner when it comes to security (e.g. I use the Firestarter GUI to set up my firewall - the iptables man pages are a little advanced for me), and am on the whole a newbie anyway. I was wondering whether it would be worth my time to (research how to) use snort, or whether as software it was designed as something more for the mission-critical server environment.
I don't have a clue how to set it up, so before I even try, I thought it would be worth asking this (and so possibly save myself some frustration).
[Also, I was wondering about Wireshark (formerly Ethereal). What do people generally use this for? Is there an actual administrative use, or is it mostly used for snooping on the transmissions of e.g. unsecured wireless networks?]
Ethereal is commonly used by application developers and network admins to see traffic on the network. I use it at work to see problems with the dhcp servers and clients. It lets you see what is actually hitting the wire rather than just what programs claim to be sending.
Snort is a very complex IDS. Its configuration would take quite a bit of work, but it is very powerful.
What sort of attack are you looking to guard against/detect?
Its configuration would take quite a bit of work, but it is very powerful.
That's what I wanted to know. I was just looking for something fairly basic and easy to configure (newbie-orientated) as a piece of general extra security for my system. Snort sounds a bit too advanced.
(Particularly, to see if anyone is [or is trying to] hack into my WAN. I read of people using kismet (?) etc. to detect if anyone is trying to, but how you do this, I don't know).
That's what I wanted to know. I was just looking for something fairly basic and easy to configure (newbie-orientated) as a piece of general extra security for my system. Snort sounds a bit too advanced.
but there's super friendly web-based GUI interfaces for snort which will let you configure it and get all kinds of nice reports and stuff... check out some of those firewall distros and you'll see...