Snort Configuration
This guide is meant to assist the user in installing, configuring and running the Snort IDS technology on a Windows 7 (32-bit) operating system. This guide could easily be used for other Windows-based operating systems; just remember that with Vista and later you are working with UAC. Configuring rules, deciphering alerts and tailoring to your specific network are beyond the scope of this guide. It is not advised to test an installation within a production environment, and neither Snort nor the author offers any warranty against negative impacts to your systems that may be derived from following this guide.

I have received many e-mails as a result of my previous guides (Snort Installation on Windows XP) and (Snort 2.8.5.2 on Windows 7). I would like to thank the Open Source Community for their kind words and questions requiring troubleshooting. As a result of your feedback, this guide has been updated to answer some common questions as well as to include screen shots. In the future, I will have installation and usage videos posted on YouTube under the user name "snortguide". Although it is recommended to perform the installation from a clean, formatted drive on a standalone system, this guide will work through the steps installed from within a virtual environment using a NAT setup via the host's wireless network interface. With the exception of the operating system itself, all software is freely available (check EULAs for commercial usage). All links are valid as of 9/25/2010, and different steps may be required if using a version differing from those listed below.
Microsoft Windows 7: http://store.microsoft.com/microsoft/Windows-Windows-7/category/102
Mozilla Firefox 3.6.10: http://www.mozilla.com/en-US/firefox/personal.html
Microsoft Security Essentials 1.0.1963.0: http://www.microsoft.com/security_essentials/
COMODO Firewall 5.0: http://www.comodo.com/home/download/download.php?prod=firewall
Microsoft Baseline Security Analyzer 2.2: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=02be8aeea3b6-4d94-b1c9-4b1989e0900c
ActivePerl 5.10.1.1007 (do not use version 5.12): http://www.activestate.com/activeperl/downloads
Notepad++ 5.8: http://notepad-plus-plus.org/release/5.8
Foxit Reader 4.1.1: http://download.cnet.com/3001-10743_410313206.html?spi=f165ccaaf923e021affdf6c2f02fc6a9&part=dl-116442
Kiwi Syslog Server 9.1: http://www.kiwisyslog.com/kiwi-syslog-server-download/
7-Zip 4.65: http://sourceforge.net/projects/sevenzip/files/7-Zip/4.65/7z465.exe/download
WinPcap 4.1.2: http://www.winpcap.org/install/default.htm
Snort 2.8.6.1: http://www.snort.org/snort-downloads
Oinkmaster 2.0: http://sourceforge.net/projects/oinkmaster/files/oinkmaster/2.0/oinkmaster-2.0.tar.gz/download
1) After installing the operating system, applying any Windows updates and downloading all of the software listed above, I would advise that you create a System Restore Point and perform some type of backup or drive image creation. This will shorten reinstall times should something not work as expected.
2) With the exception of Oinkmaster, you should now systematically install all of the downloaded software. Note that you may substitute some of the software (e.g. use IE instead of Firefox, or skip installing the Foxit Reader); however, some software such as WinPcap is integral to running Snort in the method used in this guide.
   a) When installing the software, take note of the following:
      1) I would recommend using the default options and allowing the applicable components to be run as a service/at startup.
      2) When installing Kiwi, cancel the installation of the Web Access portion, as it will expire after 30 days.
      3) During the installation and running of software, the COMODO Firewall will be triggered multiple times and you will need to allow access as necessary.
   b) I would again ensure that the operating system and all software are patched and updated. I...
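An added PowerShell script (not part of the original guide) that carries out step 1's restore point and then checks the parts step 2 calls integral before moving on: that the WinPcap packet driver is installed and running, and that the Snort binary starts. It assumes an elevated PowerShell prompt on Windows 7 (UAC, as noted above), that Snort was installed to C:\Snort (a placeholder path, not stated on the page), and that the WinPcap driver is registered under the service name "NPF".

```powershell
# Added example, not code from the guide. Run from an elevated PowerShell
# prompt on Windows 7 after installing the software listed above.
# Assumptions: Snort at C:\Snort (placeholder path), WinPcap driver service "NPF".

$SnortExe = 'C:\Snort\bin\snort.exe'   # assumed install path; adjust if different

# Step 1: create the restore point the guide recommends so a failed
# install can be rolled back instead of reinstalling the OS.
Checkpoint-Computer -Description 'Pre-Snort install' -RestorePointType 'MODIFY_SETTINGS'

$problems = @()

# Step 2 check: WinPcap is a kernel driver, so query Win32_SystemDriver
# rather than Get-Service, which only lists user-mode services on Windows 7.
$npf = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='NPF'"
if ($npf -eq $null) {
    $problems += 'WinPcap driver (NPF) not installed: install WinPcap before running Snort.'
} elseif ($npf.State -ne 'Running') {
    $problems += "WinPcap driver installed but state is '$($npf.State)'; start it or reboot."
}

# Step 2 check: Snort binary exists and can load its dependencies.
if (-not (Test-Path $SnortExe)) {
    $problems += "Snort not found at $SnortExe; set the path at the top of this script."
} else {
    # 'snort -V' only prints the version banner; a non-zero exit code
    # usually means a missing WinPcap DLL rather than a Snort problem.
    & $SnortExe -V | Out-Null
    if ($LASTEXITCODE -ne 0) {
        $problems += "'snort -V' exited with code $LASTEXITCODE; check that WinPcap installed correctly."
    }
}

if ($problems.Count -eq 0) {
    Write-Host 'Prerequisites OK: restore point created, WinPcap running, Snort starts.'
} else {
    # Each warning names the step to revisit before continuing with the guide.
    $problems | ForEach-Object { Write-Warning $_ }
}
```

If the COMODO Firewall prompts when snort.exe runs, allow it as step 2(a)(3) describes, then re-run the script.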