Snort 2.0 Intrusion Detection
Securing the wireless LANs against internal attacks
MSN'07 Proceedings of the 3rd international conference on Mobile ad-hoc and sensor networks
Campus networks, and the Information Technology organizations that support these networks, are facing security threats that are increasing in both size and complexity. Students, faculty and (non-academic) staff collectively provide a broad set of expectations and challenges to securely support. Intrusive actions and security challenges may originate outside or within a network. Security and trust can be difficult to maintain in such an environment. Intrusion detection is an important part of a comprehensive security strategy.

Snort has become a popular and widely installed Intrusion Detection System (IDS). It functions as a network packet sniffer which, based on comparisons of packet contents with known virus signatures encapsulated as rules, can initiate action and record events and information related to them in a log file and/or database. Because Snort inspects all packets on a network, large amounts of data can be produced, especially until an administrator can tune the rule sets, contained in 52 separate files, to the needs of the installation. This process can lead to a large number of false alerts, which may cause real alerts to be overlooked and the viability of the tool to be questioned.

This paper summarizes work with installation and implementation of Snort on a North Central College internal network, with special emphasis on access to data logged to a MySQL database as well as presentation of data through Perl scripts. Output of Perl scripts and code snippets supporting the output are also presented as a basis for future efforts.