Comments on: Want to Implement IDS & IPS In Linux Firewall http://itknowledgeexchange.techtarget.com/itanswers/wanht-to-implement-ids-ips-in-firewall/ Sun, 19 May 2013 03:14:28 +0000 hourly 1 By: rechil http://itknowledgeexchange.techtarget.com/itanswers/wanht-to-implement-ids-ips-in-firewall/#comment-83856 rechil Tue, 16 Nov 2010 05:10:16 +0000 #comment-83856 iPolicy Networks has a dedicated SWAT team of technical experts whose job is to track new security threats and develop IDS/IPS signatures. The signatures can be automatically downloaded to iPolicy Intrusion Prevention Firewalls deployed for immediate protection of networks.
An Intrusion Detection System (IDS) and IPS are security signatures that can be deployed at different levels in a network. IDS & IPS can use different methods of detecting problems, but the most basic method is using signatures. Like an antivirus program checks files for virus signatures, and IDS will check network traffic for patterns associated with malicious network activity. As far as my knowledge the most popular and powerful of the free IDS solutions is “Snort”. To install SNORT and configure as ur necessity’s.
U have to select an interface for Snort to listen on. It can also be run on the internal interface to inspect outgoing traffic. U have to set the IP address range of ur network. Snort has several configuration files, in which the most important are:

1. /etc/snort/snort.conf: This is the primary configuration file
2. /etc/snort/snort.<linuxOS>.conf: This file is created by the Apt installer.
3. /etc/snort/threshold.conf: This file alerts if u’re seeing lots of same warning.
4. /etc/snort/rules/: This directory contains the snort rules (firewall signatures). These can be manually updated.
Remember u may also add custom IPS signatures. but this is another issue….

]]>