212

Chapter 7     Miscellaneous Tools

agent system will then update configuration of the firewall or routers depending on the

policy.

 Documentation, examples, and information about how to install SnortSam are

available on its web site. You can find information about the changes you need to make

for a particular type of firewall in the 

snort.conf

 file. You should think twice about

modifying firewall policy; it may lead to Denial of Service (DoS) attacks. For example,

if someone sends you a message resulting in the blocking of root name server

addresses, your DNS server will fail.

7.2 IDS Policy Manager

IDS policy manager is a Microsoft Windows based GUI. It is used to manage the Snort

configuration file and Snort rules on a sensor. It is available from its web site http://

activeworx.com/idspm/. At the time of writing this book, beta version 1.3 is available

from this web site and it supports Snort versions up to 1.9.0. You can download the soft 

ware and install it using normal Windows installation procedures. When you start the

software, a window like the one shown in Figure 7 3 is displayed.

As you can see, this window is initially empty. It has three tabs at the bottom, as

explained below:

  The  Sensor Manager  tab shows the sensors that you are managing with this

tool. Initially there is no sensor listed in the window because you have to add

sensors after installing IDS Manager. This is the default tab when you start the

Policy Manager.

  The  Policy Manager  tab shows configured policies. A policy includes

snort.conf

 file parameters (variables, input and output plug ins, include

files) as well as a list of rules that belong to that policy.

  The  Logging  tab shows log messages.

You can click on any of these tabs to switch to a particular window. To add a new

sensor, you can click on the  Sensor  menu and chose the  Add Sensor  option. A pop 

up window like the one shown in Figure 7 4 appears where you fill out information

about the sensor.