© SANS Institute 2008, Author retains full rights.
Network IDS & IPS Deployment Strategies
12. Appendix A: Step-by-Step Build of an IDS/IPS
The following steps have been used to build both IDS and IPS capabilities on a single system. The operating system used is OpenBSD. The hardware consists of an Intel-based computer with 5 network interface cards installed. The first two cards form one inline bridge and the second pair of cards forms a second inline bridge. The fifth card is used for remote management of the system. OpenBSD was chosen because of its reputation for security and its handling of the network stack. The steps listed here pick up after a base install of OpenBSD 4.2 (i386). For more information on how to install OpenBSD, please see the project's web site (http://www.openbsd.org/faq/faq4.html).
While the author does not claim to be an OpenBSD guru, these steps have been verified to build a baseline IDS/IPS and to display alerts via the Basic Analysis and Security Engine (BASE) interface. No benchmarking has been done on the prototype system, and I would highly advise not deploying the resulting system in a production environment without thorough testing. The prototype also may (and in fact does) not have its permissions set to their most restrictive setting. This appendix was the result of testing out the concepts and ideas documented in the respective paper, and thus the intent of this appendix is to save the reader time in implementing a test case to explore the concepts shared. Reading content is a good start, but for many, having hands-on experience will be significantly more beneficial. So let's get started...
Nicholas Pappas