Chapter 7     Miscellaneous Tools
Another topic discussed in this chapter is the security of the web server
where ACID is installed. Up to now you have not done anything to secure
the web server. Anybody can access the ACID console and delete the data
collected by Snort. Here you will learn a few methods of securing the web
server itself.
7.1 SnortSam
SnortSam is a tool used to make Snort work with most commonly used firewalls. It is
used to create a combined Firewall/IDS solution. With it, your firewall can be
configured automatically to block offending data and addresses from entering your
system when intruder activity is detected. It is available from http://www.snortsam.net/
where you can find the latest information. The tool consists of two parts:
1. A Snort output plug-in that is installed on the Snort sensor.
2. An agent that is installed on a machine close to the firewall or on the firewall
itself. Snort communicates with the agent through the output plug-in in a secure way.
At the time of writing this book, the tool supports the following firewalls:
  IP filter based firewalls
  Checkpoint Firewall-1
  Cisco PIX
  Netscreen
The output plug-in, which is compiled with Snort, provides new keywords that
can be used to control firewall behavior. For compiling Snort, refer to Chapter 2.
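The sensor and agent sides of the two-part arrangement described above, as an added configuration sketch that is not taken from this page. The `alert_fwsam` output line, the `fwsam` rule option and the agent directives follow SnortSam's own documentation as an assumption about your installed version; all addresses, the key, the rule and its SID are constructed placeholders.

```conf
# ---- Snort sensor: snort.conf (Snort built with the SnortSam output plug-in) ----
# Send block requests to the agent at 192.0.2.10, port 898, using a shared key.
# The key encrypts the sensor-to-agent channel; use a long random value.
output alert_fwsam: 192.0.2.10:898/REPLACE_WITH_SHARED_KEY

# ---- Snort sensor: local.rules (constructed rule) ----
# The added "fwsam" option asks the agent to block the source address of the
# matching packet for a limited time. Blocks should expire so that a false
# positive does not turn into a permanent outage.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Constructed example: inbound telnet attempt"; flags:S; sid:1000001; rev:1; fwsam: src, 10 minutes;)

# ---- Agent host: snortsam.conf ----
# Key and port must match the sensor's output line.
defaultkey REPLACE_WITH_SHARED_KEY
port 898

# Only accept block requests from the known sensor address.
accept 192.0.2.20

# Never block these, whatever a rule requests. Source addresses can be
# spoofed, so list gateways, DNS servers and management hosts here to keep
# an attacker from using the IDS to cut off your own infrastructure.
dontblock 192.0.2.1
dontblock 192.0.2.53

# Record every block and unblock for later review.
logfile /var/log/snortsam.log

# Firewall plug-in: control a Checkpoint firewall at this address.
fwsam 192.0.2.254
```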
In a typical scheme where you are using Checkpoint Firewall, you can run the
SnortSam agent on the firewall itself. Figure 7-1 shows a typical scheme where a Snort
sensor is controlling two Checkpoint firewalls. These firewalls may be running on
Linux, Windows or other UNIX platforms supported by Checkpoint.
In a typical situation where you don't have a Checkpoint firewall, you will run the
agent on another system, located close to the firewall. Depending on the type of your
firewall, you will add plug-ins to the SnortSam agent to control a particular type of
firewall. For example, to control a Cisco router access list, you will use the relevant plug-in
available from the SnortSam web site. The scheme is shown in Figure 7-2 where the
sensor sends messages to the agent system where the SnortSam agent is running. The





