Snort mailing list archives

Re: Configuring snort as IPS


From: Fabio Almeida <mentesan () gmail com>
Date: Tue, 24 Jan 2012 13:54:10 -0200

The short answer is:

1 - You'll need to patch snort and recompile
2 - Adjust the rules you want to take an "active response"
3 - Install the snortsam agent on your firewalls
4 - Configure snortsam to take actions based on your firewall system and policies

That's all. The overall setup may seem a little complex, but for sure it's worth the trouble.

Just for the sake of completeness, you can put together these software packages to make a good IDS/IPS system:

- Snort + snortsam
- Pulledpork
- Barnyard 
- MySQL
- Snorby
- Snortsam Agents

Regards,
Fabio Almeida

On 24/01/2012, at 12:48, Sandip Bankewar wrote:

Hi Fabio,
 
Thanks for your response. I am new to SNORT.
I have Snort installed, so I just need to install this tool, right?
 
 
Regards,
Sandip Bankewar
 
From: Fabio Almeida [mailto:mentesan () gmail com] 
Sent: 24 January 2012 18:57
To: Sandip Bankewar
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Configuring snort as IPS
 
Hi Sandip,
 
Active response with http://www.snortsam.net/
 
Great and flexible solution; it works on many firewall systems, and you can use it on various Snort sensors and firewall boxes.
 
Fabio Almeida

On 24/01/2012, at 08:09, Sandip Bankewar wrote:


Hi,
 
I don't want my system to act as a gateway.

What is the best way to configure Snort as an IPS?

How can we configure it? Can anyone provide me the steps?
 
 
Regards,
Sandip Bankewar
 
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
