Intrusion detection for a newbie

144419855310001 · 08-25-2006, 09:31 AM

Hello

Whilst googling how to make my network connections more secure, I came across "snort", which looks like an interesting tool. Particularly, I would like to be able to detect whether other people are trying / have broken into my wireless networking.

However, I am very much a beginner whennnit comes to security (e.g. I use the firstarter GUI to set up my firewall - the iptables man pages are a little advanced for me), and am on the whole a newbie anyway. I was wondering whether it would be worth my time to (research how to) use snort, or whether as software it was designed as something more for the mission-critical server environment.

I don't have a clue how to set it up, so before I even try, I thought it would be worth asking this (and so possibly save myself some frustration).

[Also, I was wondering about Wireshark (formerly ethereal). What do people gnereally use this for? Is there an actual administrative use, or is it mostly used for snooping on the transmissions of e.g. unsecured wireless networks?]

Matir · 08-25-2006, 09:40 AM

Ethereal is commonly used by application developers and network admins to see traffic on the network. I use it at work to see problems with the dhcp servers and clients. It lets you see what is actually hitting the wire rather than just what programs claim to be sending.

Snort is a very complex IDS. It's configuration would take quite a bit of work, but it is very powerful.

What sort of attack are you looking to guard against/detect?

144419855310001 · 08-26-2006, 07:08 AM

Quote:

It's configuration would take quite a bit of work, but it is very powerful.

That's what I wanted to know. I was just looking for something fairly basic and easy to configure (newbie-orientated) as a piece of general extra security ofr my system. Snort sounds a bit too advanced.

(Particularly, to see if anyone is [or is trying to] hack into my WAN. I read of people using kismet (?) etc. to detect if anyone is trying to, but how you do this, I don't know).

win32sux · 08-26-2006, 06:33 PM

Quote:

Originally Posted by 144419855310001

That's what I wanted to know. I was just looking for something fairly basic and easy to configure (newbie-orientated) as a piece of general extra security ofr my system. Snort sounds a bit too advanced.

but there's super friendly web-based GUI interfaces for snort which will let you configure it and get all kinds of nice reports and stuff... check-out some of those firewall distros and you'll see...