tailieunhanh - Open Source Security Tools : Practical Guide to Security Applications part 25

Open Source Security Tools : Practical Guide to Security Applications part 25. Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses. Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. | Page 219 Thursday June 24 2004 12 17 PM Configuring Snort for Maximum Performance 219 Figure Webmin Snort Edit Ruleset Page Page 220 Thursday June 24 2004 12 17 PM 220 Chapter 7 Intrusion Detection Systems Figure Webmin Snort Module Access Control get more for your hardware dollar with the UNIX version the Windows version is not just a side project it is actually developed by the core Snort group and kept fairly current with the UNIX version. It also allows you to take advantage of point-and-click installation as well as some of the other niceties in Windows 2000 and XP such as built-in IPSec support. It s nice to see an open source project that realizes there are many Windows-only based companies that would still like to take advantage of this great open source IDS. Requirements for Windows Snorting Snort for Windows requires Windows 2000 or XP it won t run on NT 98 or 95. You will also need the WinPcap libraries installed. If you loaded them for a program described earlier in this book such as Ethereal or WinDump then you are all set. Otherwise you can get them at winpcap You will also want the MySQL database if you plan on importing your results into a database. Specific configuration of MySQL for this purpose is covered in Chapter 8. You will need more powerful hardware for your Windows Snort box than the UNIX version to get similar performance. A 700MHz machine is the minimum and you ll Page 221 Tuesday June 29 2004 3 42 PM Configuring Snort for Maximum Performance 221 probably do better with a processor in the gigahertz range. You will also want to make sure your Windows server is locked down appropriately with a minimum of services running taking extra care to uninstall processor hogs such as IIS. Use the Services window under Administrative tools to make sure you aren t running anything you absolutely don t need to. Installing Snort for Windows To get going with Snort for .