A DIY Project for Network Security
With sparse resources, our security manager has to do things herself. But a call has her feeling like part of the team. By C.J. Kelly
Computerworld - The past few weeks have been frustrating and rewarding all at the same time. I had set a goal to configure an intrusion-detection system (IDS) using the de facto standard, Snort on Linux. In our environment, we have very little in the way of security tools and devices, and little or no budget to procure such items. This project was the first step in being able to detect potentially malicious network traffic as inexpensively as possible.
Having never done this personally because I previously managed engineers who knew how, and currently having no security-savvy staff to rely on, I was both tentative and excited.
I did several things to prepare. I found a white paper explaining the steps in detail. I figured that, if nothing else, I could follow directions. I also purchased and read a book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, by Richard Bejtlich (Addison Wesley Professional, 2004).
I also met with a friend and colleague, a CISSP and information security officer at a small company, who I knew had been running a similar system for many years. I tried to work my way through the Snort manual but then quickly put it aside as a reference for when I had the system configured and running.
The system is now in production and is producing volumes of data. The challenge is to analyze this data and make sense of it.
There were so many small frustrations along the way that, at this point, I feel only relief that it appears to be working. I had what I call "dumb" frustrations.
For instance, I had a hard time downloading the enormous Red Hat Fedora Core 3 image files and burning those files to CD in the proper format. After numerous attempts and a dozen CDs that wouldn't boot, my colleague created a set of CDs for me to use.
Once the Linux operating system was installed, I realized that I couldn't remember Linux bash commands, so I printed a cheat sheet. Fortunately, the vi text editor commands came back to memory quickly. I followed the directions for installing the additional software needed for the system, step by step by step, then rebooted.
The system appeared to hang at a particular point, so I searched the Linux-newbie newsgroups for a solution. I never did find the exact solution, so I decided that I had done something wrong and rebooted using the rescue CD.
Things went downhill from there, as I manually edited various configuration files based on the advice found online. My efforts ended in
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!