Originally Published: Thursday, 4 October 2001 Author: Shashank Pandey
Published to: enchance_articles_security/Advanced Security Articles

Installing and Configuring Portsentry: Intrusion Detection Systems for the Uninitiated.

Linux.com enjoys providing information we suspect you, dear reader, will particularly value. In this Linux.com security article, correspondent Shashank Pandey shows us how to set up and configure the Intrusion Detection System (IDS) PortSentry. We hope you find this useful.

Intrusion Detection Systems for the Uninitiated!

So perhaps you have been following all those defacement mirrors and are worried about whether your machine is going to be the next entry in the archives? This article is intended to act as a health supplement for your existing security needs and policies.

Now, like I just said, this article is like a health supplement, but you have to consume it along with your basic food intake. In other words have a basic security policy in place, otherwise you'll be wasting your time here.

In this article (and the one that will follow), we will discuss what intrusion detection actually is, what software you can use to detect intrusions, and how to install not one protection package, but two of them.

What is an IDS?

An IDS is expected to detect attacks (like someone port scanning you), log the attacker's traffic, help trace the origin of the attack and possibly even stop the attack midstream.

To achieve this an IDS has to do a lot of things: analyzing the captured packets for an attack, comparing them with a database of attack signatures, performing integrity checks on the file system (for example, noticing if somebody has tampered with your /etc/shadow file), watching processes, and so on.
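To make the first of those jobs concrete, here is an added example (not code from the article or from PortSentry) of the simplest detection an IDS performs: flagging a source that touches many distinct ports in a short window, which is what a port scan looks like from the defender's side. The log format and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one line per inbound connection attempt
# (timestamp, source address, destination port). Not real traffic.
SAMPLE_LOG = """\
2001-10-04T10:00:01 src=10.0.0.5 dport=21
2001-10-04T10:00:01 src=10.0.0.5 dport=22
2001-10-04T10:00:02 src=10.0.0.5 dport=23
2001-10-04T10:00:02 src=10.0.0.5 dport=25
2001-10-04T10:00:03 src=10.0.0.5 dport=80
2001-10-04T10:00:05 src=192.168.1.9 dport=80
2001-10-04T10:03:00 src=192.168.1.9 dport=443
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, source, destination port)."""
    ts, src, dport = line.split()
    return datetime.fromisoformat(ts), src.split("=", 1)[1], int(dport.split("=", 1)[1])


def detect_port_scans(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {source: sorted ports} for every source that reached at least
    `threshold` distinct ports inside any `window`-long span of time."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, port = parse_line(line)
            events[src].append((ts, port))

    scanners = {}
    for src, hits in events.items():
        hits.sort()  # order by timestamp so a sliding window works
        start = 0
        for end in range(len(hits)):
            # advance the window start until hits[start..end] fit inside `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold:
                scanners.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in scanners.items()}
```

With the defaults only 10.0.0.5 is flagged; the two hits from 192.168.1.9 are three minutes apart and touch only two ports, so a single-host policy would not treat them as a scan.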

There are vendor-defined IDS models like network IDS, host IDS, procedure-based IDS. Basically, enough options to confuse us!

In this article we will leave all that junk aside and focus on the principles: installation, configuration and a bit about bypassing IDSs.

We will learn about all this in a series on IDSs comprising two articles/parts:

Part 1: Installing and Configuring PortSentry (a simple and sweet IDS)

Part 2: Installing and Configuring Snort (a relatively advanced IDS with more functionality)

