Managing Security with Snort and IDS Tools

   

ICMP (Internet Control Message Protocol) 

    troubleshooting network problems 

icmp-info.rules 

icmp.rules 

icmp_all (response keyword) 

icmp_host (response keyword) 

icmp_id: rule option 

icmp_net (response keyword) 

icmp_port (response keyword) 

icmp_seq: rule option 

icmphdr table 

icode: rule option 

ID Serve 

id: rule option 

IDS

    detecting traffic generated by other 

    evasion 

    load balancers 

        commercial 

    log retention requirements 

    Policy Manager

    signature-based versus antivirus software 

    stress-testing 

IDS Distribution System (I(DS)2) 

    installing 

IDS management 

    ACID  [See ACID]

    commercial tools 

        Applied Watch Console 

        PureSecure Console 

        Sourcefire Management Console 

    open source tools 

        Cerebus 

        IDS Policy Manager 

        Oinkmaster 

        SnortReport 

        SnortSnarf 

    SnortCenter  [See SnortCenter]

IDs, changing after initialization

IDSPolMan

IEEE OUI and Company_id Assignments 

iis_backslash option (http_inspect_server) 

iis_delimeter option (http_inspect_server) 

iis_Unicode option (http_inspect_server) 

iis_Unicode_map option (http_inspect preprocessor) 

iis_Unicode_map option (http_inspect_server) 

illegal packet header settings 

IMAP email service, detecting attacks to 

imap.rules 

implied trust 

include command 

include option (snortsam.conf) 

info.rules 

inline patch (Snort) 

    configuring Snort 

    creating rules for 

    downloading 

inspect_uri_only option (http_inspect_server) 

installing Snort 

    build-time options 

    source code installation 

    staying current 

    version 

    Windows installations 

instant messengers, detecting 

interface: option (snort.conf) 

interfaces

    configuring with sensors 

    monitoring multiple 

    network

        promiscuous mode 

    Snort listens on 

    stealth 

Internet Control Message Protocol (ICMP) 

Internet Information Server (IIS) web servers, detecting attacks to 

Internet Information Services (IIS) web server, disabling rule set 

Internet Protocol (IP) 

intrusion detection 

    approaches to 

    gateway 

    network, challenges of 

        false positives 

        missing prerequisites 

        prerequisites 

        unrealistic expectations 

    real-time 

    systems 

intrusion prevention  [See also IPS]

    strategies 

Intrusion Prevention System  [See IPS]

IP (Internet Protocol) 

IP addresses

    gathering information regarding 

    listing in rule headers 

    mapping to MAC addresses 

    negating in rule headers 

IP Calculator / IP Subnetting 

IP Filter (ipf) - Unix-based OS firewall and SnortSAM 

IP header 

IP stacks (TCP/IP) 

IP-Tools

ip_proto: rule option 

ipchains and SnortSAM 

ipchains option (snortsam.conf) 

iphdr table 

ipopts: rule option 

IPS (Intrusion Prevention System) 

    deployment risks 

        blocking legitimate traffic 

        exploit beating attempted block 

        self-inflicted denial-of-service 

        session interception IPS identification 

iptables and SnortSAM 

iptables option (snortsam.conf) 

ISECOM Security Tools 

itype: rule option 

 
