Shoab Ahmed - 624 Tutorial An Intrusion Detection System
Overview
• What is Snort?
• Uses?
• Architecture
• Components

Snort?
• Network intrusion detection system.
• Detects malicious activity such as denial of service attacks, port scans or even attempts to break into computers by monitoring network traffic.
• Open source, now developed by Sourcefire.

Can be used as?
• IDS – intrusion detection system.
• IPS – intrusion prevention system.
• Packet sniffer: captures and displays packets from the network on the console, with different levels of detail.
• Packet logger: logs packet data to a text file.
• Honeypot monitor: watches traffic to a decoy host set up to deceive hostile parties.
Architecture
Figure from: Nalneesh Gaur, "Snort: Planning IDS for your enterprise", http://www.linuxjournal.com/article/4668, 2001.

Components
• Packet Decoder: takes packets from different types of network interfaces (Ethernet, SLIP, PPP, …) and prepares them for processing.
• Preprocessor:
  (1) prepares data for the detection engine;
  (2) detects anomalies in packet headers;
  (3) packet defragmentation;
  (4) decodes HTTP URIs;
  (5) reassembles TCP streams.
• Detection Engine: the most important part; applies the rules to packets.
• Logging and Alerting System.
• Output Modules: process alerts and logs and generate the final output.

Rules
• Rules are written from known intrusion signatures.
• Usually placed in the snort.conf configuration file.
• Each rule is written on one single line. Eg.
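To make the "detection engine applies rules to packets" step and the one-line rule format concrete, here is an added example (not code from the tutorial or from Snort itself): a small Python model that parses a Snort-style rule header and options and applies it to decoded packet headers. The rule text and the packet records are constructed for illustration; only the 192.168.56.0/24 lab network comes from the slides.

```python
# Added example: a minimal model of how Snort's detection engine applies a
# one-line rule to decoded packets. Rule text and packets are constructed.
import ipaddress
import re

RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)

def parse_rule(line):
    """Split a single-line rule into header fields plus an options dict."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a recognised rule: %r" % line)
    rule = m.groupdict()
    opts = {}  # options are ';'-separated key:value pairs, e.g. sid:1000001
    for opt in filter(None, (o.strip() for o in rule.pop("opts").split(";"))):
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    rule["opts"] = opts
    return rule

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(rule, pkt):
    """True if the decoded packet header satisfies the rule header."""
    return (rule["proto"] in (pkt["proto"], "ip")
            and _addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
            and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"]))

def run_engine(rules, packets):
    """Apply every rule to every packet; return (sid, action) hits in order."""
    return [(r["opts"].get("sid"), r["action"])
            for pkt in packets for r in rules if matches(r, pkt)]

# Constructed sample rule: alert on any TCP connection to port 22 on the lab network.
SAMPLE_RULES = [parse_rule(
    'alert tcp any any -> 192.168.56.0/24 22 (msg:"SSH connection to lab host"; sid:1000001;)'
)]
# Constructed packets, in the shape the packet decoder would hand to the engine.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40000, "dst": "192.168.56.10", "dport": 22},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40001, "dst": "192.168.56.10", "dport": 80},
    {"proto": "udp", "src": "10.0.0.5", "sport": 40002, "dst": "192.168.56.10", "dport": 22},
]
```

Only the first packet fires the rule; the second misses on the port and the third on the protocol, which is why a signature must pin down every header field it relies on.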
Commands
• Install snort on VM1: sudo apt-get install snort -y
• Assign an IP address to the interface that will be sniffed.
• Start snort in quiet mode on eth1, with alerts printed to the console (-q quiet mode, -A console alert output to the console, -i eth1 interface, -c configuration file): snort -q -A console -i eth1 -c /etc/snort/snort.conf

Nmap
• Nmap (Network Mapper) is a security scanner.
• Probing computer networks
• Host discovery
• Service and OS detection
• Port scans

Commands
• Host and OS scan: nmap -v -A 192.168.56.10
• Network scan: nmap -sP 192.168.56.0/24