A DIY Project for Network Security
With sparse resources, our security manager has to do things herself. But a call has her feeling like part of the team. By C.J. Kelly
Computerworld - The past few weeks have been frustrating and rewarding all at the same time. I had set a goal to configure an intrusion-detection system (IDS) using the de facto standard, Snort on Linux. In our environment, we have very little in the way of security tools and devices, and little or no budget to procure such items. This project was the first step in being able to detect potentially malicious network traffic as inexpensively as possible.
Having never done this personally because I previously managed engineers who knew how, and currently having no security-savvy staff to rely on, I was both tentative and excited.
I did several things to prepare. I found a white paper explaining the steps in detail. I figured that, if nothing else, I could follow directions. I also purchased and read a book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, by Richard Bejtlich (Addison Wesley Professional, 2004).
I also met with a friend and colleague, a CISSP and information security officer at a small company, who I knew had been running a similar system for many years. I tried to work my way through the Snort manual but then quickly put it aside as a reference for when I had the system configured and running.
The system is now in production and is producing volumes of data. The challenge is to analyze this data and make sense of it.
There were so many small frustrations along the way that, at this point, I feel only relief that it appears to be working. I had what I call "dumb" frustrations.
For instance, I had a hard time downloading the enormous Red Hat Fedora Core 3 image files and burning those files to CD in the proper format. After numerous attempts and a dozen CDs that wouldn't boot, my colleague created a set of CDs for me to use.
Once the Linux operating system was installed, I realized that I couldn't remember Linux bash commands, so I printed a cheat sheet. Fortunately, the vi text editor commands came back to memory quickly. I followed the directions for installing the additional software needed for the system, step by step by step, then rebooted.
The system appeared to hang at a particular point, so I searched the Linux-newbie newsgroups for a solution. I never did find the exact solution, so I decided that I had done something wrong and rebooted using the rescue CD.
Things went downhill from there, as I manually edited various configuration files based on the advice found online. My efforts ended in
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts