The document discusses network security analysis using the Snort intrusion detection system and ACID web-based front-end. It covers the benefits of the Snort and ACID combination, an overview of the software components and how alerts flow through the system, and concludes with a demo and Q&A.

1. Network Security Analysis using Snort and ACID Introduction to Network Security Analysis using Snort and ACID Linux User Group Singapore Friday 7 th May 2004 By Michael Boman <michael.boman@boseco.com>

2. What we will cover: Benefits of running Snort + ACID Alert flow in a Snort + ACID setup Demo of ACID Q & A

3. Why Snort and ACID? De-facto standard for Open Source Network IDS Very well documented combination 3 books published Many HOWTO's available for free on the net

4. Software Snort NIDS engine Barnyard / Mudpit / FLoP Output processor for Snort MySQL / PostgreSQL Alert storage medium Apache / ACID Web server / Web application Web browser of choice Alert display “console”

5. The Snort Architecture Detect Events of Interest on the network Send alerts to server Receive alerts from sensor Display alerts

6. Snort flow : Receiving IDS Alerts

7. Snort flow : Receiving IDS Alerts (barnyard)

8. Snort flow : Getting Alert Details

9. Demo Enough theory, let us get our hands dirty with the pig

10. What have we learned? Benefits of running Snort + ACID Alert flow in a Snort + ACID setup

11. Questions? Got any questions? Now is the time to ask them!

12. Suggested reading material Snort 2.0 Intrusion Detection Brian Caswell, Jay Beale, James C. Foster, Jeremy Faircloth; ISBN: 1931836744 Intrusion Detection with Snort Jack Koziol; ISBN: 157870281X http://www.snort.org/docs/