Using Snort For a Distributed Intrusion Detection System

Intrusion detection has become an extremely important feature of the defense-in-depth strategy. The thought used to be that if you had a firewall protecting your network you were secure. This is no longer the case. A firewall is an essential and important part of network security but it does not have the ability to detect hostile intent. Unlike a firewall, an intrusion detection system has the ability to evaluate solitary packets and generate an alarm if it detects a packet with hostile potential. This document will provide an option for setting up a distributed network intrusion detection system using open source tools including the intrusion detection software Snort. Through the use of open source tools and spare hardware an intrusion detection system can be setup with minimal financial burden.