The ACID web page should be fully functional on the network intrusion detection system. This page is normally accessible using the following URL in a graphical web browser. Remember that when you access this page as administrator or as the primary Snort user, all rights and privileges to modify the snort database are granted. Use the following URL for modifying database content.
To view ACID web content without the rights to modify or delete entries, open the acidviewer web page. Verify the MySQL database permissions are set correctly so that any user referencing this particular page cannot remove or hide alerts.
This page should be available only to those individuals needing to consult or view logged alerts. These users should not have the authority to remove existing alerts. Employees should not be able to transmit malicious or harmful content through your network and then cover their tracks once the IDS or internal sensor detects their packets.
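One way to run the permission check described above, as an added example rather than code from the original text: it parses the output of MySQL's `SHOW GRANTS` for an account and reports privileges that would let that account remove alerts. The account names, the sample grant lines and the set of forbidden privileges are assumptions; only the `snort` database name comes from the text.

```python
import re

# Assumed policy: privileges that let an account remove alerts or the tables
# holding them. Adjust the set to your own policy.
FORBIDDEN = {"DELETE", "DROP", "ALTER", "ALL", "ALL PRIVILEGES"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<rest>.+)$",
    re.IGNORECASE,
)

def _covers(scope, database):
    """True if a grant scope such as `snort`.* or *.* reaches the database."""
    db = scope.replace("`", "").split(".", 1)[0]
    return db == "*" or db.lower() == database.lower()

def audit_grants(grant_lines, database="snort", forbidden=FORBIDDEN):
    """Return the sorted forbidden privileges an account holds on database."""
    findings = set()
    for line in grant_lines:
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m or not _covers(m.group("scope"), database):
            continue
        # Drop column lists such as "SELECT (sid, cid)" before splitting.
        privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
        for priv in (p.strip().upper() for p in privs.split(",")):
            if priv in forbidden:
                findings.add(priv)
        # GRANT OPTION lets the account hand itself or others more rights.
        if re.search(r"WITH\s+GRANT\s+OPTION", m.group("rest"), re.I):
            findings.add("GRANT OPTION")
    return sorted(findings)

# Constructed SHOW GRANTS output; account names are hypothetical.
VIEWER = [
    "GRANT USAGE ON *.* TO 'acidviewer'@'localhost'",
    "GRANT SELECT ON `snort`.* TO 'acidviewer'@'localhost'",
]
MISCONFIGURED = [
    "GRANT USAGE ON *.* TO 'acidviewer'@'localhost'",
    "GRANT SELECT, INSERT, DELETE ON `snort`.* TO 'acidviewer'@'localhost'",
    "GRANT ALL PRIVILEGES ON `archive`.* TO 'acidviewer'@'localhost'",
]

if __name__ == "__main__":
    for name, grants in (("viewer", VIEWER), ("misconfigured", MISCONFIGURED)):
        print(name, audit_grants(grants) or "ok")
```

Feed it the lines returned by `SHOW GRANTS FOR` the account the viewer page connects with; an empty result means none of the listed privileges reach the `snort` database.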
Likewise, no one outside your network should have access to either of these pages. The ACID web pages display source and destination IP addresses, including internal IP addresses. If you are running Network Address Translation (NAT) on your internal network, this information could provide an attacker the added advantage of knowing not only your numbering scheme, but what boxes might be vulnerable and what ports on these machines may be open ...