There are lots of threats out there, and some of them might even penetrate your network. You'll want to know when that happens, so you'll want to have a good Network Intrusion Detection System (NIDS) in place. In this chapter, we'll be looking at Snort, which is probably the most famous one. Then, I'll show you a way to cheat so that you can have a Snort system up and running in no time at all. I'll also show you a quick and easy way to set up an edge firewall appliance, complete with a built-in NIDS.
We've already learned how to scan a machine for viruses and rootkits by installing scanning tools on the machines that we want to scan. However, there are a lot more vulnerabilities that we can scan for, and I'll show you some cool tools that you can use for that.
The following topics will be covered in this chapter:
- Introduction to Snort and Security Onion
- IPFire and its built-in Intrusion Prevention System (IPS)
- Scanning and hardening with Lynis
- Finding vulnerabilities with OpenVAS
- Web server scanning with Nikto
So, if you're ready, let's begin by digging into the Snort Network Intrusion Detection System.