Computerworld - The past few weeks have been frustrating and rewarding all at the same time. I had set a goal to configure an intrusion-detection system (IDS) using the de facto standard, Snort on Linux. In our environment, we have very little in the way of security tools and devices, and little or no budget to procure such items. This project was the first step in being able to detect potentially malicious network traffic as inexpensively as possible.
Having never done this personally because I previously managed engineers who knew how, and currently having no security-savvy staff to rely on, I was both tentative and excited.
I did several things to prepare. I found a white paper explaining the steps in detail. I figured that, if nothing else, I could follow directions. I also purchased and read a book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, by Richard Bejtlich (Addison Wesley Professional, 2004).
I also met with a friend and colleague, a CISSP and information security officer at a small company, who I knew had been running a similar system for many years. I tried to work my way through the Snort manual but then quickly put it aside as a reference for when I had the system configured and running.
Dumb Frustrations
The system is now in production and is producing volumes of data. The challenge is to analyze this data and make sense of it.
There were so many small frustrations along the way that, at this point, I feel only relief that it appears to be working. I had what I call "dumb" frustrations.
For instance, I had a hard time downloading the enormous Red Hat Fedora Core 3 image files and burning those files to CD in the proper format. After numerous attempts and a dozen CDs that wouldn't boot, my colleague created a set of CDs for me to use.
Once the Linux operating system was installed, I realized that I couldn't remember Linux bash commands, so I printed a cheat sheet. Fortunately, the vi text editor commands came back to memory quickly. I followed the directions for installing the additional software needed for the system, step by step by step, then rebooted.
The system appeared to hang at a particular point, so I searched the Linux-newbie newsgroups for a solution. I never did find the exact solution, so I decided that I had done something wrong and rebooted using the rescue CD.
Things went downhill from there, as I manually edited various configuration files
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
