Network Security: Lab#5 Port Scanners and Intrusion Detection System


Network Security: Lab#5 Port Scanners and Intrusion Detection System
J. H. Wang
Dec. 3, 2013

Objectives
  To learn to use port scanners
    Nmap
  To introduce the ideas of intrusion detection system
    Snort

Packages Used in this Lab
  Nmap
  Snort

Experiment Scenario
  Port scanners
    Use port scanners to check the potential weakness in a system
      Vulnerable ports
      System types

Nmap
  Homepage: http://nmap.org/
  Version: 6.40
  Platforms: Linux/FreeBSD/Windows/MacOS X
  Installation steps
    Simply follow the instructions on screen

Example Usage for Nmap
  Enter an IP address (or hostname) in [Target], and press [Scan]
    Open ports will be listed
    Type of OS will be detected
  Many types of scans
    TCP scan
    SYN scan
    UDP scan
    ACK scan
    Window scan
    FIN scan
    Others: proxy scan, ICMP scan, …

Web-based Port Scanners
  Examples
    http://viewdns.info/portscan/

Nessus
  Homepage: http://www.tenable.com/products/nessus
  Latest version: 5.2.4
  Originally open source, but now proprietary by Tenable Network Security
    Free to use in homes
  Installation skipped

Intrusion Detection Systems
  Host-based IDS (HIDS)
    To monitor the status of files in a system
    File integrity checking, log analysis
    E.g. Tripwire, OSSEC
  Network-based IDS (NIDS)
    To detect the malicious network traffic such as DoS attacks
    E.g. Snort

Tripwire
  Originally open source, but now commercial
  Open source Tripwire available, which is based on previous open-source versions
    http://sf.net/projects/tripwire/

OSSEC
  Originally open source, but acquired by Trend Micro
  Will remain open source (as claimed by Trend Micro)
  http://www.ossec.net/

Snort
  Homepage: http://www.snort.org/
  Latest version: 2.9.5.6
  Platforms: Linux/Windows
  An open-source NIDS, which also requires WinPcap
  Installation steps
    Simply follow the instructions on screen
    Note: In [Installation Options], please check [Enable IPv6 support] for demo of IDS functions

Example Usage for Snort
  cd \snort
  Sniffer mode (default)
    To show headers only: bin\snort -v
    To show headers and data: bin\snort -vd
    A more descriptive display: bin\snort -vde
  Packet logger mode
    To record packets in the logging directory: bin\snort -dev -l log
    To log in binary mode: bin\snort -l log -b
    To play back the packets in the log: bin\snort -r packet.log

Network intrusion detection system mode
  bin\snort -l log -c etc\snort.conf
    (Some problems getting the configuration file to work in Windows…)
  You need to understand how to write the rules for intrusion detection…
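
How a network-based IDS can recognise the SYN, ACK/Window and FIN scans listed on the Nmap slide, as an added Python example that is not part of the original slides and is not Snort's own detection logic. The function names, the thresholds and the sample packets (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict

# TCP header flag bits
FIN, SYN, ACK = 0x01, 0x02, 0x10

def probe_type(flags):
    """Name the scan probe that a TCP segment with exactly these flags matches."""
    # ACK scan and Window scan send the same bare-ACK probe, so they share a label.
    return {SYN: "SYN", ACK: "ACK", FIN: "FIN"}.get(flags)

def detect_scans(packets, min_ports=5, window=10.0):
    """packets: iterable of (timestamp, src, dst, dst_port, tcp_flags).

    Returns {(src, dst): probe type} for every source that sent the same kind
    of probe to at least min_ports distinct ports on one host within window
    seconds. A single bare SYN or ACK is normal traffic; the signal is the
    number of distinct destination ports.
    """
    seen = defaultdict(list)          # (src, dst, kind) -> [(timestamp, port)]
    alerts = {}
    for ts, src, dst, port, flags in sorted(packets):
        kind = probe_type(flags)
        if kind is None:              # e.g. SYN+ACK replies, data segments
            continue
        hits = seen[(src, dst, kind)]
        hits.append((ts, port))
        # keep only the probes that still fall inside the sliding window
        hits[:] = [(t, p) for t, p in hits if ts - t <= window]
        if len({p for _, p in hits}) >= min_ports:
            alerts[(src, dst)] = kind
    return alerts

# Constructed sample traffic (not captured from a real network).
TARGET = "198.51.100.5"
SAMPLE = (
    # one source sending SYN probes to six different ports within a second
    [(0.1 * i, "192.0.2.10", TARGET, p, SYN)
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    # one source sending FIN probes to five different ports
    + [(2.0 + 0.1 * i, "192.0.2.30", TARGET, p, FIN)
       for i, p in enumerate([21, 22, 23, 25, 80])]
    # an ordinary web client: one SYN, then ACKs, all to port 80
    + [(1.0, "192.0.2.20", TARGET, 80, SYN)]
    + [(1.1 + 0.2 * i, "192.0.2.20", TARGET, 80, ACK) for i in range(8)]
)

if __name__ == "__main__":
    for (src, dst), kind in detect_scans(SAMPLE).items():
        print(f"possible {kind} scan: {src} -> {dst}")
```
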

Summary
  Port scanners
    Nmap
  Intrusion detection system
    Snort