Dr. I Doctor's Informational Juggernaut
Here's the first how-to article promised by the preceding item about the Mac mini. It explains how to set up a Mac mini as a world-class intrusion detection system (IDS) probe running Snort. The complete step-by-step instructions are included (in a link at the end of this item). But here are the highlights.
Intrusion detection is an essential network function, but many network admins never get around to deploying it because it's (a) expensive and (b) time consuming to learn. One of the most popular open-source intrusion detection programs is called Snort. Short for..., um, well, nothing, I guess. "Snort" must be an oblique reference to the vacuum-cleaner-like behavior of network sniffers, of which Snort is one.
In any event, Snort is software designed to run on a dedicated, low-end computer, which scans all your network traffic looking for anomalous behavior such as DoS attacks, unauthorized network scanning, virus traffic, etc. It's a rule-driven program, so you can readily enhance it without altering the Snort program itself. And in fact, it's already been highly enhanced, with thousands of user-contributed rules and plug-ins that can flag any of a zillion hacker attack methods.
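To make the "rule-driven" idea concrete, here is a small Python model, added to this post and not code from Snort, from the author, or from the PDF: an engine that knows nothing about particular attacks and only evaluates rules handed to it from outside, run over constructed sample traffic. The rule fields (proto, dport, content, distinct_ports) are a hypothetical simplification loosely modelled on Snort's header/options split, not Snort's actual rule syntax; the addresses, payloads and the test signature string are invented for the demo.

```python
"""Toy rule-driven IDS engine. Added example; not Snort and not the post's code.
The Rule layout is an invented simplification, not Snort's rule language."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    """One observed packet (constructed for the demo, not a real capture)."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""


@dataclass
class Rule:
    """A detection rule kept outside the engine, the way Snort keeps rules in
    text files. Fields are a hypothetical stand-in for a header (protocol,
    destination port) plus options (content match, threshold)."""
    sid: int
    msg: str
    proto: str = "any"
    dport: Optional[int] = None
    content: Optional[bytes] = None
    distinct_ports: Optional[int] = None   # alert once a source hits N ports


class Engine:
    """The engine has no attack knowledge of its own; it only applies rules."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self._ports_seen = defaultdict(set)   # (sid, src) -> {dport, ...}
        self.alerts: List[Tuple[int, str, str, str]] = []

    def _header_matches(self, rule: Rule, pkt: Packet) -> bool:
        if rule.proto != "any" and rule.proto != pkt.proto:
            return False
        if rule.dport is not None and rule.dport != pkt.dport:
            return False
        return True

    def process(self, pkt: Packet) -> None:
        for rule in self.rules:
            if not self._header_matches(rule, pkt):
                continue
            if rule.content is not None and rule.content not in pkt.payload:
                continue
            if rule.distinct_ports is not None:
                seen = self._ports_seen[(rule.sid, pkt.src)]
                seen.add(pkt.dport)
                # Fire exactly once, at the moment the threshold is crossed.
                if len(seen) != rule.distinct_ports:
                    continue
            self.alerts.append((rule.sid, rule.msg, pkt.src, pkt.dst))


# Rules live apart from the engine, so adding detections means adding entries
# here, not editing Engine (the point the post makes about Snort).
RULES = [
    Rule(sid=1000001, msg="Possible port scan: one source touched 5 TCP ports",
         proto="tcp", distinct_ports=5),
    Rule(sid=1000002, msg="Test signature seen in traffic to port 80",
         proto="tcp", dport=80, content=b"TRUFFLEBOX-TEST-SIGNATURE"),
]

# Constructed sample traffic: private addresses and invented payloads.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.10", "tcp", 80, b"GET / HTTP/1.0\r\n"),
    Packet("10.0.0.5", "10.0.0.10", "tcp", 80, b"GET /index.html HTTP/1.0\r\n"),
] + [
    Packet("10.0.0.99", "10.0.0.10", "tcp", p) for p in (21, 22, 23, 80, 443, 3389)
] + [
    Packet("10.0.0.7", "10.0.0.10", "tcp", 80, b"POST /x TRUFFLEBOX-TEST-SIGNATURE"),
]


def run_demo(traffic=None, rules=None):
    """Feed the sample traffic through the engine and return its alerts."""
    engine = Engine(rules if rules is not None else RULES)
    for pkt in traffic if traffic is not None else SAMPLE_TRAFFIC:
        engine.process(pkt)
    return engine.alerts


if __name__ == "__main__":
    for sid, msg, src, dst in run_demo():
        print(f"[{sid}] {msg}: {src} -> {dst}")
```

Running it produces two alerts: the scan rule fires once for 10.0.0.99 when its fifth distinct port is seen (the sixth port does not re-fire it), and the content rule fires for the one packet carrying the test string. Dropping or adding a Rule changes what is detected without touching the Engine class, which is the property that makes community rule sets for Snort possible.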
Building a single Snort IDS probe is not all that exciting, and not even all that hard, although it's pretty tedious if you don't have help. The problem is that a single probe is often not enough -- you need a separate Snort probe device for every Ethernet LAN segment in your enterprise -- and building multiple probes can quickly eat all your available time. The Mac mini is so well configured by Apple that the total time to build a Snort probe drops from many hours to under one hour.
It's called a TruffleBox because certain species of swine are known for their ability to seek out elusive mushrooms called truffles. Snort = swine; Truffles = intrusions. Hence the term TruffleBox. Get it?
OK, well, it doesn't really matter.
I won't go into all the gory details here, since they're better described (with pictures) in the PDF document explaining the construction process step-by-step (see below). If you don't currently operate an IDS, then you owe it to yourself and your employer to go out right now and buy a Mac mini and build your own TruffleBox! Right now, on your lunch break!
What are you waiting for?
Truffle Box step-by-step setup instructions
Posted by mbeckman on September 15, 2005 at 1:03 AM