|
The perfect start with Smoothwall Express 3.0 |
|
|
|
Sunday, 09 September 2007 |
|
Page 3 of 4
Step 3: Configuring the Intrusion Detection System
Smoothwall comes with Snort support. Snort is an open source network intrusion prevention system (IPS) capable of performing real-time traffic analysis and packet-logging on IP networks. It can perform protocol analysis, content searching & matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts and more.
In our case, the supported Snort IDS detects potential security attempts from outside our network, but Snort does not prevent these attempts!
To get snort running on your system, you need to register on the Snort website first. After minutes, you will receive an email with further instructions to get the “Oink code”.
Please use this code like the picture shows below:
That’s it. Let’s test if Snort is really doing its job. You can use a port scanner or a penetration test tool like Nessus to check this out. Please check the IDS Log entries after “attacking” your box. You should see similar entries like this:
|
Workshops 
