Snort IDS Main Menu, Global Configuration | RuggedCom RX1100

Chapter 25 – Configuring The Snort IDS

When the alert file method is chosen, a daily analysis of the file can be emailed.

The SIDs referenced in alerts can be used to quickly locate the rule via the main Sort IDS menu. The rule itself often contains HTML links to Internet resources such as www.securityfocus.com and cve.mitre.org. These provide more in depth descriptions of the vulnerability.

Performance And Resources

The performance impact of snort varies with the number of interfaces monitored, the number of rules enabled, the packet rate and the logging method.

Snort has been empirically determined to use about 20% of the CPU clock cycles at its maximum processing rate.

The router is capable of recording about 300 entries/second to the local syslog and 500 entries/second to the alert file. Alerts at rates exceeding the above rates will not be recorded.

Snort will require 5 Mbytes of system memory to start with an additional 15 Mbytes of memory for each interface monitored.

Snort IDS Main Menu

This menu configures the snort IDS and is composed of three sections.

Note that snort is disabled by default and may be enabled via the System folder, Bootup And Shutdown menu. If snort is running, configuration changes must be made active by restarting it. The Restart Snort button will restart snort, listing the interfaces it is active upon.

Global Configuration

Figure 194: Snort Main Menu part 1

The Global Configuration menu section configures parameters that apply to all interfaces.

Interfaces

Figure 195: Snort Main Menu part 2

The Interfaces section selects the interfaces snort will monitor. You must restart snort after changing interfaces.

RuggedCom

231

Image 233

RuggedCom RX1100, RX1000 manual Snort IDS Main Menu, Global Configuration, Performance And Resources

Contents

RuggedRouter Ruggedrouter User Guide About this User Guide How To Use This User GuideApplicable Firmware Revision Who Should Use This User Guide Quick Start Recommendations Document Conventions Basic Web Based Configuration Additional Configuration About this User Guide Table Of Contents Table Of Contents RuggedRouter User Guide 100 114 144 Page Table Of Contents Page 241 Page Table Of Figures RuggedRouter Setup Main Menu Scheduled Commands Displaying a Command T1/E1 Network Interfaces After Interface Creation Adsl Link Statistics Show Public Key Link Backup Status 162 Raw Socket Menu IRIGB/IEEE1588 General Configuration menu 230 255 IAS Window Edit Profile 282 Access Methods Setting Up And Administering The RouterAccounts And Password Management Default Configuration RuggedRouter Setup Shell Accessing The RuggedRouter Command PromptConfiguring Passwords From the Console Port Configuring Radius Authentication Configuring IP Address InformationSetting The Hostname Enabling And Disabling The SSH and Web Server Radius Server Configuration menu Enabling And Disabling The Gauntlet Security Appliance Configuring The Date, Time And Timezone RuggedRouter Hardware Information Menu Displaying Hardware Information Selecting a configuration to reload Restoring a Configuration RuggedRouter Web Interface Using a Web Browser to Access the Web InterfaceSSL Certificate Warnings Structure of the Web Interface RuggedRouter Web Interface Main Menu Window LED Status Panel Using The LED Status Panel LED Name Description Obtaining Chassis Information IP Access Control Webmin ConfigurationWebmin Configuration Menu Change Help Server Ports And Addresses Logging Webmin Configuration Menu, Logging Webmin Configuration Menu, Authentication Authentication Webmin Events Log Webmin Events Log This page intentionally blank Bootup And Shutdown Configuring The System Scheduled Commands Change Password Command Scheduled Commands Displaying a Command Webmin Scheduled Cron Jobs Scheduled Cron Jobs System Time System Hostname Network Configuration Configuring Networking Dummy Interface Core Settings Routing And Gateways Default Route TableConfigured Static Routes Manually Entered Static Routes Static Multicast Routing Static Multicast Routing Host Addresses End To End BackupDNS Client Page Current Routing & Interface Table Configuring End To End Backup Ethernet Interface Fundamentals Configuring Ethernet InterfacesVlan Interface Fundamentals LED Designations RuggedRouter Functions Supporting VLANs PPPoE On Native Ethernet Interfaces Fundamentals Ethernet Interfaces Ethernet Editing a Network Interface Editing Currently Active Interfaces Virtual Lan Interfaces Edit Boot Time InterfacesVirtual Interfaces List PPPoE Interfaces PPPoE On Native Ethernet Interfaces Editing a PPPoE Interface Edit PPPoE Interface Current Routes & Interface Table PPP Logs Frame Relay Configuring Frame Relay/PPP And T1/E1T1/E1 Fundamentals Included With T1E1 T1/E1Location Of Interfaces And Labeling Strategy For Creating Interfaces T1/E1 Network Interfaces Naming Of Logical Interfaces Editing a T1/E1 Interface E1 Settings T1 Settings Frame Relay Link Parameters Editing a Logical Interface Frame Relay Frame Relay DLCIs Editing a Logical Interface PPP Link Statistics T1/E1 Statistics Frame Relay Statistics Frame Relay Interface Statistics PPP Link Statistics PPP Interface Statistics T1/E1 Loopback Menu T1/E1 Loopback Upgrading Firmware Upgrading Software T3 Fundamentals Configuring Frame Relay/PPP And T3 T3 Network Interfaces T3 Configuration Edit T3 Interface Editing a T3 Interface T3 Statistics Upgrading Software Page DDS Fundamentals Configuring Frame Relay/PPP DDS Network Interfaces DDS Configuration Edit Logical Interface Frame Relay, single Dlci DDS Link Statistics DDS Statistics Frame Relay And PPP Interface Statistics DDS LoopbackPage Adsl Fundamentals Configuring PPPoE/Bridged Mode OnPPPoE/Bridged Mode Fundamentals Bridged Mode Authentication, Addresses and DNS ServersPPPoE MTU Issues Editing a Logical Interface PPPoE Adsl ConfigurationAdsl Network Interfaces Edit Logical Interface Bridged Editing a Logical Interface Bridged Adsl Link Statistics Adsl Statistics Current Routes & Interface Table PPP Mode Fundamentals Configuring PPP and ModemWhen the Modem Connects Modem Fundamentals Modem Main Menu Modem Configuration Blind dial Modem PPP Client Modem PPP Client Connections Modem Incoming Call Logs Modem PPP Server PPP Logs Modem PPP Logs PPP Connection Logs Modem PPP Connection LogsPage Firewall Fundamentals Configuring The FirewallStateless vs Stateful Firewalls Linux netfilter, iptables And The Shoreline Firewall Network Address Translation Port Forwarding Shorewall Quick Setup Interfaces ShoreWall Terminology And ConceptsZones Policy Hosts Interface Subnet Address Protocol Ports Masquerading And Snat Reject Rules Route Based Virtual Private Networking Configuring The Firewall And VPN Virtual Private Networking To a DMZ Policy Based Virtual Private Networking Starting Shorewall Firewall Menu Firewall Main Menu Shorewall Firewall Menu Network Interfaces Network Zones Editing a Firewall Network Interfaces Firewall Zone Hosts Network Zone Hosts Masquerading Default Policies Editing a Masquerading Rule Firewall Rules Static NAT Static NAT Creating a Static NAT Entry Actions When StoppedPage Page VPN Fundamentals Configuring An IPsec VPNIPsec Modes Policy Vs Route Based VPNs Public Key And Pre-shared Keys Supported Encryption Protocols NAT Traversal Other Configuration Supporting IPSecX509 Certificates VPN Main Menu Before Key Generation Openswan Configuration ProcessVPN Main Menu IPsec and Router InterfacesPage IPsec VPN Configuration After Connections Have Been Created Server Configuration Preshared Keys Public Key IPsec VPN Connection Details List CertificatesVPN Connections Page Export Configuration Left/Right Systems Settings IPsec Status Showing IPsec Status Select a Certificate Authority IPSec X.509 Roaming Client Example Generate X.509 Certificates VPN Networking Parameters Client ConfigurationRouter IPSec Configuration Ethernet Port Configuration Firewall IPSec ConfigurationPage RIP Fundamentals Configuring Dynamic RoutingQuagga, RIP and Ospf Key Ospf And RIP Parameters Ospf FundamentalsLink State Advertisements Network Areas Router-ID Active/Passive Interface DefaultHello Interval and Dead Interval Redistributing Routes Ospf Authentication Configuring Ospf Link CostsRIP Authentication Link Detect Administrative Distances Vrrp Operation Ospf And Vrrp Example NetworkArea And Subnets Dynamic Routing Enable Protocols Core Interface Parameters CoreCore Global Parameters View Core Configuration Ospf Global Parameters OspfPage Ospf Interfaces Ospf Interfaces Ospf Status View Ospf ConfigurationOspf Network Areas RIP Global Parameters RIP Global Parameters RIP Key Chains RIP Interfaces RIP Networks RIP Networks RIP Status View RIP ConfigurationPage Path Failure Discovery Configuring Link BackupLink Backup Fundamentals Use Of Routing Protocols And The Default Route Link Backup Main MenuLink Backup Configuration Edit Link Backup Configuration Test Link Backup Link Backup LogsLink Backup Status Page Page Problem With Static Routing Configuring VrrpVrrp Solution Vrrp Fundamentals Vrrp Example Page Vrrp Main Menu Vrrp Configuration Vrrp Instance Editing a Vrrp Instance Vrrp Instances Status Viewing Vrrp Instances Status Traffic Prioritization Fundamentals Configuring Traffic PrioritizationPriority Queues Filters Included With Traffic Prioritization TOS Prioritization Prioritization Example Interface Prioritization Menu Traffic Prioritization Main Menu Prioritization Transmit Queue Length Prioritization QueuesPrioritization Filters Prioritization Statistics Prioritization Statistics GRE Fundamentals Configuring Generic Routing Encapsulation GRE Main Menu GRE Configuration MenuPage Network Utilities Main Menu Network Utilities Traceroute Menu Ping Menu Tcpdump a Network Interface Host MenuTrace Menu Serial Trace a Serial Server Port Frame Relay Link Layer Trace a WAN Interface Interface Statistics Menu Interface Statistics Menu Current Routing & Interface Table Current Routing & Interface Table Interface Status Page Serial IP Port Features Configuring Serial Protocols Character Encapsulation Serial Protocols ApplicationsRTU Polling Broadcast RTU Polling Host And Remote Roles Serial Protocols Concepts And IssuesUse Of Port Redirectors Message Packetization Serial Protocols Main Menu Use of Turnaround Delays RawSocket Menu Port Settings MenuAssign Protocols Menu Page Serial Protocols Statistics Menu Protocol Specific Packet Error Statistics Serial Protocols Trace Menu Serial Protocols Trace Menu Is provided Serial Protocols Sertrace UtilityPage Layer 2 Tunnel Daemon Details Configuring Goose TunnelsIEC61850 Goose Fundamentals Layer 2 Tunnels Main Menu Layer 2 Tunnels Main Menu Goose Tunnels Menu General Configuration Menu Activity Trace Menu Goose Statistics MenuPage Page Dhcp Fundamentals Configuring The Dhcp serverDhcp Network Organizations Dhcp Client OptionsPage Option 82 Support with Disable NAK Single Network With Option82 Clients On One Switch Example Dhcp Scenarios And ConfigurationsSingle Network With Dynamic IP Assignment Single Network With Static IP AssignmentPage Page Dhcp Server Menu Dhcp Server Main Menu Dhcp Shared Network Configuration Dhcp Shared Network Configuration Dhcp Subnet Configuration Dhcp Subnet Configuration Dhcp Host Configuration Dhcp Group Configuration Dhcp Pool Configuration Dhcp Pool Configuration NTP Fundamentals Configuring NTP Included With NTP NTP Sanity LimitNTP And The Precision Time Protocol Card Generic Options NTP Server Main Menu Peers Configuration Servers Configuration Viewing The NTP Log Viewing The NTP Status Viewing The GPS Log Viewing The GPS Status Included With SSH Configuring SSHSSH Fundamentals SSH Server SSH Main Menu Networking Access ControlPage IEEE1588 Fundamentals Configuring Irigb And IEEE1588PTP Network Roles PTP Master Election Irigb Output Formats Irigb FundamentalsSynchronizing NTP from IEEE1588 How The Router Selects a Reference Clock GPS Cable compensationReference Clocks IRIGB/IEEE1588 Main Menu General Configuration IEEE1588 Configuration Irigb Configuration IEEE1588 Status Irigb Status Irigb Log Page Snort Fundamentals Configuring The Snort IDSWhich Interfaces To Monitor Snort Rules Performance And Resources Global ConfigurationSnort IDS Main Menu Rule Lookup by SID Network SettingsRulesets Alerts & Logging PreProcessors Edit Config File Alert Menu Maintaining The RouterAlert System Alert Configuration Menu Alert Configuration Alert Definition Configuration Alert Filter Configuration Change Alert Definition Page Gauntlet And The Firewall Gauntlet SecurityWhat And How Gauntlet Protects Upgrading Gauntlet Gauntlet Status Menu System Backup And Restore Backup And Restore General Configuration Setup Archive History Archive Backup Archive Difference Tool Archive Restore Archive Differences List Show Difference for selected file between two targets Snmp Configuration Network Addressing Configuration Snmp Configuration Main MenuSystem Configuration Access Control page, Snmp V1 and V2c 250 RuggedCom Trap Configuration page, Trap Options Trap Configuration RuggedRouter supports the following MIBs MIB Support Radius Authentication Edit Radius Server Parameters Radius Authentication Configuration Outgoing Mail Parameter Description Chassis Parameters System Logs Syslog Factory Defaults Changing a Syslog entry to remote log Remote Logging RuggedRouter Software Fundamentals Upgrade System Automatic Upgrade When a Software Upgrade Requires a Reboot Change Repository Server Upgrade to RX1100 Upgrading All Packages Automatic Upgrading Pre-upgrade/Post-upgrade scripts Installing a New Package Upload/Download menu Uploading And Downloading Files Security Actions Security ConsiderationsPage Repository Server Requirements Appendix a Setting Up a RepositoryInitial Repository Setup An Alternate Approach Setting Up The RoutersUpgrading The Repository Upgrading Considerations Appendix B Downgrading Router Software Apache Default Web Appendix C Installing Apache Web Server On WindowsPage Installing IIS Appendix D Installing IIS Web Server On Windows FreeRadius Appendix E Radius Server ConfigurationWindows Internet Authentication Service Edit Profile window, Click Add... button 276 RuggedCom RuggedCom 277 Dhcp Index Goose NTP SSH Vrrp