<< Back to man.ChinaUnix.net

Intrusion Detection System Administrative Web Page

Endian Firewall contains a powerful intrusion detection system, Snort, which analyses the contents of packets received by the firewall and searches for known signatures of malicious activity.

Figure 5.11. Intrusion Detection System adminstrative web page

Intrusion Detection System adminstrative web page

EFW can monitor packets on the GREEN, BLUE, ORANGE and RED interfaces. Just tick the relevant boxes and click the Save button.

As more attacks are discovered the rules Snort uses to recognize them will be updated. You can choose between 3 updates:

Sourcefire VRT Certified Rules are the official rules of snort.org. Each rule has been rigorously tested against the same standards the VRT uses for Sourcefire customers. These rules are distributed under the new VRT Certified Rules License Agreement that restricts commercial redistribution. There are three ways to obtain these rules:

  1. Subscribers receive real-time rules updates as they are available.

  2. Registered users can access rule updates 5 days after release to subscription users.

  3. Unregistered users receive a static ruleset at the time of each major Snort Release.

To download the latest version, select your preferred rules type and click the Download new ruleset button. To utilize Sourcefire VRT Certified Rules, you need to register on http://www.snort.org. Acknowledge the license, receive your password by email, and connect to the site. Go to USER PREFERENCES, press the 'Get Code' button at the bottom and copy the 40 character Oink Code into the field.