IDS question (for a noob)
Brian Kelsay
bkelsay at comcast.net
Fri Aug 29 22:07:38 CDT 2003
Especially since you don't know what you are doing, on your first
attempt, build on the shoulders of giants. IPCOP, found at ipcop.org
has a 25-30MB downloadable ISO that has Red Hat 7.3, snort, iptables and
is secure by default. Also has a nice little web page you can admin the
thing from and grab log files of hack attempts, etc. I use it as my
firewall (it stands between my machines and the wild and wooly internet).
It has worked great for about 3-4 months now. If you want to add
ACID, you can, but I would add MySQL to another internal box and have
the logs sent there for analysis. You can read more about the reasoning
behind this in the IPCop docs.
--
A Computer without Microsoft is like a chocolate cake without mustard.
-as seen on IRC