Computer Science

Pages: 33 (8215 words) Published: October 25, 2012
WinIDS - Windows XP / 2003 - IIS6 - MySQL :: WINSNORT.com :: ...

http://www.winsnort.com/index.php?module=Pages&func=display&pag...

Windows Intrusion Detection System (WinIDS)
Windows XP (SP3 x86-32bit) * 2003 Server (SP2 x86-32bit)
IIS 5.5 Web-Server
MySQL Database Server
Written by: Michael E. Steele
Last Date Revised: October 5, 2012

Introduction
When it comes to deploying an IDS/IPS system, many network engineers automatically think of Snort. Why? First of all, it's a highly capable, full-featured Intrusion Detection System (that can even act as an Intrusion Prevention System with the appropriate tweaks). Second of all, it's completely free, both its binary and source code tree. Snort can also run on many platforms, including Linux, MS Windows and FreeBSD, so there are plenty of options to deploy this system. However, installing the Windows Intrusion Detection System (WinIDS) with a production-ready setup always takes a while, especially when you have to "discover" many things and solve many issues on your own in order to complete the setup. I've managed to get through that process in the Windows environment and now I'd like to share my process with you. During my research I found a lot of guides and blogs like this describing the installation process. Yet, none of them specifically detailed setting this up in a Windows environment, so I had to gather a lot of information and I had to generate some information as well.

My setup is a classical Windows Intrusion Detection System (WinIDS) deployment:

  • Snort running in passive mode (i.e. not running inline). This guide details how to set up and run Snort as an IDS environment.
  • Barnyard2 will process Snort's unified2 log files.
  • A MySQL-driven database will store processed events/logs for further analysis.
  • Internet Information Services 6.0 web-server will drive the Windows Intrusion Detection System (WinIDS) analysis GUI console.
  • BASE will serve as the web-based Windows Intrusion Detection System Console (WinIDS) events analysis GUI console.

I have to say that even though this guide is written to seamlessly integrate these tools, I've done my best to describe the installation process of each component as generally as possible. This way, you can take important elements to develop your own setup integrating other tools.

Although I created this guide using a single computer, it's very easy to extend the deployment to multiple computers (multi-tier approach), each one in charge of one task (i.e. sensors, database server, web server).
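To make the Barnyard2 stage of this pipeline concrete, the following added example (not from the original guide, and not Barnyard2's own code) reads IPv4 event records from a unified2 stream into the fields a database back end would store. It assumes the legacy unified2 IPv4 event layout (record type 7, 52-byte big-endian body); the field names and the sample bytes are constructed for illustration.

```python
import socket
import struct
from datetime import datetime, timezone

U2_IDS_EVENT = 7                              # legacy IPv4 event record type (assumed layout)
HEADER = struct.Struct(">II")                 # record type, payload length
IDS_EVENT = struct.Struct(">9I4s4sHHBBBB")    # 52-byte IPv4 event body
FIELDS = ("sensor_id", "event_id", "sec", "usec", "sid", "gid", "rev",
          "class_id", "priority", "src", "dst", "sport", "dport",
          "proto", "impact_flag", "impact", "blocked")  # illustrative names

def read_events(blob):
    """Yield one dict per IPv4 event record; skip every other record type."""
    offset = 0
    while offset + HEADER.size <= len(blob):
        rtype, length = HEADER.unpack_from(blob, offset)
        body = blob[offset + HEADER.size: offset + HEADER.size + length]
        if len(body) < length:
            break  # record still being written by the sensor; retry later
        offset += HEADER.size + length
        if rtype != U2_IDS_EVENT or length < IDS_EVENT.size:
            continue
        ev = dict(zip(FIELDS, IDS_EVENT.unpack_from(body)))
        ev["src"] = socket.inet_ntoa(ev["src"])
        ev["dst"] = socket.inet_ntoa(ev["dst"])
        ev["time"] = datetime.fromtimestamp(ev.pop("sec"), timezone.utc).isoformat()
        yield ev

def sample_log():
    """Constructed sample: a dummy packet record, one event, one truncated event."""
    event = IDS_EVENT.pack(1, 42, 1349395200, 0, 1000001, 1, 3, 0, 2,
                           socket.inet_aton("192.0.2.10"),
                           socket.inet_aton("198.51.100.5"),
                           51515, 80, 6, 0, 0, 0)
    packet = b"\x00" * 12  # placeholder body for a non-event record (type 2)
    return (HEADER.pack(2, len(packet)) + packet
            + HEADER.pack(U2_IDS_EVENT, len(event)) + event
            + HEADER.pack(U2_IDS_EVENT, len(event)) + event[:20])

if __name__ == "__main__":
    for e in read_events(sample_log()):
        print(e)
```

The truncated third record is left unread on purpose: a reader that follows a live log has to stop at an incomplete record and resume once the sensor finishes writing it.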

Copyright Notice
This document is Copyright © 2002-2012 Michael Steele. All rights reserved. Permission to distribute this document is hereby granted providing that distribution is electronic, in its original form, no money is involved, and this copyright notice is maintained. Other requests for distribution will be considered. Use the information in this document at your own risk. Michael Steele disavows any potential liability of this document. Use of the concepts, examples, and/or other content of this document is entirely at your own risk. This guide is written in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. All copyrights are owned by their owners, unless specifically noted otherwise. Third party trademarks or brand names are the property of their owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or...