Building and Maintaining a NIDS Cluster Using FreeBSD and Snort

In today's world what you don't know can hurt you. Internet is becoming a really ugly place, and the attacks that are lunched are becoming more sophisticated and easier to use. This is a harsh reality, but it's true. You are no longer safe just buying a firewall: most firewalls are not intelligent and usually badly configured - besides the firewall code can also have flaws, just like any other software. I don't say that getting a firewall is a bad idea, but trusting your firewall to protect you against everything is a bad thing. What I am going to show you here is how to build a NIDS cluster with central logging and maintenance facilities. Hopefully this will help you take more control over your environment so you actually know what is happening on your network, and by knowing that you can take appropriate counter measures to remove the threat. This can include everything to automatically tearing down the TCP connection to reconfigure the firewall(s) to block the offending packets to enter your network in the first place.