Author: Andrew Hay

HowTo Build a Snort-based NSM

Here is a great step-by-step document for creating a Network Security Management infrastructure using Snort, Apache, SSL, PHP, MySQL, and BASE installed on CentOS 4, RHEL 4 or Fedora Core – with NTOP.

Introduction from Patrick Harper, CISSP, RHCT, MCSE:

This is really a deviation from what I have done before. It will start from a minimal install of CentOS 4 or RHEL 4 and will build a Snort sensor/manager. This system will start at the command line and not have X window installed unless you add it during the install. Also you can use Fedora with very little change to this doc.

The document can be downloaded from and so can a VMWare image with the NSM completely configured.

I have personally set this up without running into any issues. I strongly suggest you pre-read the document before attempting the steps so that you understand what is required of you.

A multi-stage approach to securing your email communication

An excellent article is available over at Howto Forge on “A multi-stage approach to securing your email communication

When speaking of mail server-related security, one tends to limit the issue to message applied security measures, and even more to Antivirus and Antispam protection. This is however only one stage in the more complex process of securing your server. This article aims at identifying and explaining all security layers, highly important when choosing a certain mail server and consequently when configuring and using it.

DShield – The Distributed Intrusion Detection System is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.

Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.

More complex patterns, such as are used by application level firewalls may be handled in the future.

DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.

If you use a firewall, please submit your logs to the DShield database. You may either download one of their ready to go client programs, or use their Web Interface to manually submit your firewall logs. Registration is encouraged, but is not required.

Everybody is welcome to use the information in the DShield reports and database summaries to protect their network from intrusion attempts.

More information about how DShield works is on their home page.

Scroll to top