Nicholas Novello, Shayne Gradwell, Nikolas Todd Snort Network Monitoring System Snort Force One Nicholas Novello, Shayne Gradwell, Nikolas Todd

Agenda Introduction Project Background Budget Challenges What is snort? ProxMox Scripts Budget Challenges Lessons Learned Accomplishments Conclusion Acknowledgements References Questions

Project Background What is snort? How does snort work? Provides real time monitoring for suspicious network traffic, to log, alert, drop packets from potential attacks or matching rules. How does snort work? 3 Main operation modes: Sniffer Packet logger NIDS – Network Intrusions Detection System

Project Background: ProxMox What is ProxMox Hypervisor Virtualized software Debian based. Create virtual containers, or machines using a web Interface

Project Background: Scripts Sets a base line for comparison. Displays number of all protocols captured. Essential for statistical analysis to monitor trends, and detect potential variances. May 18, 2019

Budget Item Hours Rate Cost Shayne Gradwell 79.1 $75 $5,932.5 Nikolas Todd 76.5 $5,737.5 Nicholas Novello 83.4 $6,255 Item Initial Budget Actual Budget Hardware $3,040.65 $3,319.89 Operating Costs/Wages $16,650.00 $17,925 Total $19,690.65 $21,244.89 Variance $1554.24

Challenges Time management Hardware issues. Configuration issues: virtualized environment, Snort logging/NIDS flags, Networking.

Lessons Learned Time management is key. Good Information can be hard to find Journaling is important, both for creating an accurate manual and for budgeting. Things are not as easy as you might expect them to be, so plan accordingly.

Accomplishments Secured Virtualized environment - ProxMox Packet logging - Snort box (CentOS container) Perl script to log metrics – Automated Developed adept problem solving skills Strengthened our friendship over the past 13 weeks

Conclusion As a team we hope to utilize and apply all that we have learned these past few months to our career’s and projects in the future. We have thoroughly enjoyed the challenge and experience while looking forward to a career in the IT industry.

Acknowledgments & References We would like to thank: Timothy Williams Colin Chamberlain Dylan Saunders Jason Fisher Images all public domain obtained from: http://pixabay.com/ http://compfight.com/

References Cont. [1] CISCO IT http://www.cisco.com/c/en/us/products/security/content-security-management-appliance/index.html Last accesed 04/12/2014 [2] Snort https://snort.org/ Last accesed 9/4/2015 [3] Proxmox https://www.proxmox.com/en/ Last accesed 9/4/2015 [4] Snort manual http://manual.snort.org/ Last accesed 9/4/2015 [5] CentOS https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-networkscripts-interfaces.html Last accesed 9/4/2015 [6] CentOS Wiki http://wiki.centos.org/FAQ/CentOS7 Last accesed 9/4/2015 [7] Vimeo https://vimeo.com/10465331 Last accesed 9/4/2015 [8] SANS http://www.sans.org/reading-room/whitepapers/detection/analysis-snort-data-acquisition-modules-34027 Last accesed 9/4/2015 [9] Snort Cookbook http://commons.oreilly.com/wiki/index.php/Snort_Cookbook Last accesed 9/4/2015 [10] Tamato USB http://tomatousb.org/forum/t-369388/step-by-step-procedure-for-installing-and-configuring-snort Last accesed 9/4/2015 [11] The Geek Stuff http://www.thegeekstuff.com/2010/08/snort-tutorial/ Last accesed 9/4/2015 [12] Proxmox wikia https://pve.proxmox.com/wiki/Main Last accesed 9/4/2015 General Ideas http://www.proj354.com/itcs/10to19/wi2014.htm Last accesed 04/12/2014 General Reference Timothy Williams 26/12/2014 [13] William Parker, https://snort.org/documents/snort-2-9-7-x-on-centos-6-x-and-7-x Last accesed 9/4/2015 [14] CentOs.org, https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-networkscripts-interfaces.html Last accesed 9/4/2015 [15] manpagez, http://www.manpagez.com/man/8/snort/ Last accesed 9/4/2015 May 18, 2019

Questions