Task 5

Setting up NIDS sensor (SNORT) and Console for Intrusion Databases (ACID)

Task 5.1 Setting up NIDS sensor (SNORT) and Console for Intrusion Databases (ACID)  (Difficulty = 2)

• Enable the mysql database and create a snort database at your server or client host.  
• Install SNORT to monitor all network interface traffic for each host. Make sure you configure and compile the snort with mysql option.
  
• Configure the snort.conf file and feed the IDS alert log to your snort database
• Use nmap to scan your hosts and test if your IDS sensors are working.
• Install the Analysis Console for Intrusion Databases (ACID) at your firewall to query alert log from your snort database. Check your current host status before you build ACID dependencies.
  
• Put the ACID web page link on your firewall front page with password protection.
• Fine tune your snort rules so as to eliminate false alerts.

Checklist

• Refer to our demo site http://137.189.99.140
  

Related References :

• man page of nmap
• MYSQL
• SNORT
• ACID