Summary

This chapter introduced the planning tasks required to install Snort effectively. Planning is an essential stage that ensures the IDS does the work it is intended to do. Without proper planning, you are likely to encounter significant difficulties. Planning helps you answer some of the most difficult questions posed by novice Snort users, such as:

  • What should I be monitoring for?

  • What alerts can I afford to ignore?

  • Where should I place my sensors?

  • What do I do now that I have discovered a security breach?

The first step in planning is to create an IDS policy that fits into a broader information security or risk management policy. In its most basic form, an IDS is designed to monitor for abnormal or suspicious activity. In this monitoring ...
