User manual
Firewall 
Check Enabled. 
Select the network Interface to monitor (Snort IDS only). This is typically Internet, or 
possibly DMZ.  
Check Use less memory to restrict Snort's memory usage (Snort IPS only). This results 
in slower signature detection throughput, but may be necessary if the device is 
configured to run many services, many VPN tunnels, or both Snort IDS and IPS. 
Rule sets are sets of defined patterns or rules used for the detection of attacks. These 
are grouped by type such as ddos, exploit, backdoor, netbios, etc. Each group 
encompasses many attack signatures. The full list of signatures can be viewed at the 
Snort web site (http://www.snort.org). 
Note 
The more rule sets that are selected, the greater the load imposed on the device. 
Therefore, take a conservative rather than aggressive approach to adding rule sets 
initially. 
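To make the relationship between rule sets and signatures concrete, the following added example (not part of the original manual or the device's software) parses Snort 2.x-style text rules and lists the enabled signatures in each rule set. The file names ddos.rules and exploit.rules, the rule contents and the SIDs are constructed for illustration and are assumptions, not signatures shipped with the device.

```python
import re

# Snort 2.x-style rule: header fields, then options in parentheses.
RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\S+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')
# One "key:value;" or bare "key;" option; quoted values may contain ';'.
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

# Constructed sample rule sets for illustration (not real Snort signatures).
SAMPLE_RULE_SETS = {
    "ddos.rules": [
        'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE ddos agent ping"; itype:8; classtype:attempted-dos; sid:1000001; rev:1;)',
        '# alert udp $EXTERNAL_NET any -> $HOME_NET 9999 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)',
    ],
    "exploit.rules": [
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE ftp long command; overflow"; flow:to_server,established; dsize:>500; classtype:attempted-admin; sid:1000003; rev:2;)',
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE http oversized header"; flow:to_server,established; content:"X-Example|3a|"; nocase; sid:1000004; rev:1;)',
    ],
}

def parse_rule(line):
    """Return a dict for an enabled rule, or None for blanks, comments and non-rules."""
    line = line.strip()
    # A leading '#' marks a disabled (commented-out) signature.
    m = None if line.startswith("#") else RULE_RE.match(line)
    if not m:
        return None
    rule = m.groupdict()
    rule["options"] = {k: v.strip().strip('"')
                       for k, v in OPTION_RE.findall(rule.pop("opts"))}
    return rule

def summarize(rule_sets):
    """Map each rule set name to the (sid, msg) pairs of its enabled signatures."""
    summary = {}
    for name, lines in rule_sets.items():
        rules = filter(None, map(parse_rule, lines))
        summary[name] = [(int(r["options"]["sid"]), r["options"]["msg"]) for r in rules]
    return summary

if __name__ == "__main__":
    for name, sigs in summarize(SAMPLE_RULE_SETS).items():
        print(f"{name}: {len(sigs)} enabled signature(s)")
        for sid, msg in sigs:
            print(f"  sid {sid}: {msg}")
```

Every enabled signature is evaluated against monitored traffic, so the per-set counts give a rough sense of the load each additional rule set adds.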
Logging to an analysis server (Snort IDS only) 
Typically, Snort in IDS mode is configured to log intrusion attempts to a remote database 
server, which in turn runs an analysis console. An analysis console, such as BASE 
(Basic Analysis and Security Engine), is an application purpose-built for analyzing this 
log output. 










