RE: IIS and Snort

From: Kelley, John (john.kelley@nmci-isf.com)
Date: 09/20/01 

Subject: RE: IIS and Snort
Date: Wed, 19 Sep 2001 18:37:51 -0400
Message-ID: <255A2CFF94DFBA4E93814E198ECD29AE093012@NAEANRFKEX07VA.nadsusea.nads.navy.mil>
From: "Kelley, John" <john.kelley@nmci-isf.com>
To: "Brian Carvalho" <brian.carvalho@verizon.net>, <focus-ids@securityfocus.com>

Yes
Yes
Yes

First goto snort.org.. look for a great win32 panel for snort called
'IDS Panel'
The rules sets are very configurable and its up to you to mix and match
the sigs..
get the latest sigs from whitehats.com

-Grep

-----Original Message-----
From: Brian Carvalho [mailto:brian.carvalho@verizon.net]
Sent: Wednesday, September 19, 2001 6:19 PM
To: focus-ids@securityfocus.com
Cc: focus-ms@securityfocus.com
Subject: IIS and Snort

My company has an IIS 5 webserver sitting on the perimeter of
its network. I have done my best to disable and remove just about
every possible service, programs and other files that are not needed,
in my novice eyes I believe I have a bastion host.
 
I would like to setup some sort of IDS to monitor for this server.
What would be the best solution here? I was thinking of
Snort because I've heard so much good praise about it, and
because its free.
 
I have some questions I hope you can shed some light on
to get me moving up to speed...
 
 
Would Snort be a good choice for my application?
 
Are there specific Snort rulesets for IIS?
 
Is there any way to send alerts with Snort?
 
Should I monitor on the actual server or from an admin
machine?
 
 
Any help you can give me would be appreciated...
 
Thankyou.

Relevant Pages

  • Re: 3rd Party IIS log analysis
    ... >>I'm currently in the market for a tool which analyzes IIS logs. ... There are some articles at http://online.securityfocus.com about using Snort ... There are a number of other affordable IDS devices and solutions that have ...
    (microsoft.public.inetserver.iis.security)
  • RE: Win32 Snort Question
    ... Website, in de FAQ about Snort, they expose some good links to that... ... If you try to use the network control panel Windows will complain that no IP ... >I would avoid putting firewall software on the machine as it might block ... >running IIS on the boxes to allow the ACID analysis tool to run. ...
    (Security-Basics)
  • RE: IIS and Snort
    ... Subject: IIS and Snort ... If you have more time then money, then OpenSnort is a great application. ... Snort takes time to setup and tune as well. ... I would like to setup some sort of IDS to monitor for this server. ...
    (Focus-IDS)
  • IIS and Snort
    ... Subject: IIS and Snort ... I would like to setup some sort of IDS to monitor for this server. ...
    (Focus-IDS)