A DIY Project for Network Security
With sparse resources, our security manager has to do things herself. But a call has her feeling like part of the team. By C.J. Kelly
June 6, 2005 12:00 PM ETComputerworld -
The past few weeks have been frustrating and rewarding all at the same time. I had set a goal to configure an intrusion-detection system (IDS) using the de facto standard, Snort on Linux. In our environment, we have very little in the way of security tools and devices, and little or no budget to procure such items. This project was the first step in being able to detect potentially malicious network traffic as inexpensively as possible.
Having never done this personally because I previously managed engineers who knew how, and currently having no security-savvy staff to rely on, I was both tentative and excited.
I did several things to prepare. I found a white paper explaining the steps in detail. I figured that, if nothing else, I could follow directions. I also purchased and read a book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, by Richard Bejtlich (Addison Wesley Professional, 2004).
I also met with a friend and colleague, a CISSP and information security officer at a small company, who I knew had been running a similar system for many years. I tried to work my way through the Snort manual but then quickly put it aside as a reference for when I had the system configured and running.
Dumb Frustrations
The system is now in production and is producing volumes of data. The challenge is to analyze this data and make sense of it.
There were so many small frustrations along the way that, at this point, I feel only relief that it appears to be working. I had what I call "dumb" frustrations.
For instance, I had a hard time downloading the enormous Red Hat Fedora Core 3 image files and burning those files to CD in the proper format. After numerous attempts and a dozen CDs that wouldn't boot, my colleague created a set of CDs for me to use.
Once the Linux operating system was installed, I realized that I couldn't remember Linux bash commands, so I printed a cheat sheet. Fortunately, the vi text editor commands came back to memory quickly. I followed the directions for installing the additional software needed for the system, step by step by step, then rebooted.
The system appeared to hang at a particular point, so I searched the Linux-newbie newsgroups for a solution. I never did find the exact solution, so I decided that I had done something wrong and rebooted using the rescue CD.
Things went downhill from there, as I manually edited various configuration files
Security
Additional Resources



White Papers & Webcasts
The State of PCI DSS Compliance at Organizations Today
Download this resource today!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
