Snort Intrusion detection system Charles Beckmann Anthony Magee Vijay Iyer.

Topics
- Software
- Setup
- Motivations
- Rules
- Performance
- Collected Data
- References

Software
- Debian - Robust and stable platform with large community support
- IPtables - Popular and preferred on Debian
- Snort - Open source, mature, rule-driven IDS
- Guardian Active Response - Active firewall modification scripts for several firewall programs (not to be confused with DansGuardian)

Snort
- Network intrusion detection and prevention system (IDS)
- Analyzes incoming traffic for signs of attack
- Protocol analysis
- Heuristic content matching
- Rule based
- Report generation

Guardian Active Response
- Designed for Snort
- Whitelist for preventing unwanted blocking
- Written in Perl
- Supports watching multiple IPs

IPtables
- Default firewall controller for Debian
- Simple to use
- Provides fine-grained control when needed
- Example rule to drop all new MySQL connections (TCP port 3306) to a specific machine; the destination address did not survive extraction and is shown as a placeholder:
  iptables -A FORWARD -p tcp -m tcp -s 0.0.0.0/0 -d <mysql-host> --dport 3306 -m state --state NEW -j DROP

Motivations: Why do we need Snort?
- Many forms of attack can go completely undetected by casual observation
- Many modern attacks, such as DDoS, are impossible to prevent or contain using static firewall rules
- We need a cheap and automated solution

Motivations: Why use Guardian?
- Uses Snort logs to dynamically block threats

SNORT Network Configuration

Setup & Integration
- Installed on a dedicated machine: the Acronym Friendly Vast Lab Intrusion Detection and Prevention System (AFVLIDPS)
- Passive connection to a hub sniffs incoming traffic without incurring additional delay
- There is a delay, however, between the start of the attack and the Guardian response

Rules
- Avoid service interruptions due to false positives
- Creating rules requires nontrivial amounts of data and analysis
- Quality of Service
  - Restrict to times of day
  - Restrict based on attack frequency
  - Staged restrictions

Performance
- Guardian can read the logs quickly
- MySQL logs are used to view reports and do not affect the speed of the system
- QoS (Quality of Service):
  - Block all potentially harmful traffic?
  - Limit harmful traffic?
  - Leak a little traffic from harmful sources?
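The whitelist, staged restrictions and "block, limit or leak" choices from the Rules and Performance slides, worked as an added example (my code, not the presentation's or Guardian's): it counts Snort alert_fast lines per source, skips whitelisted hosts, picks a stage from assumed thresholds and emits the matching iptables commands. The addresses, SID, thresholds and alert lines are constructed.

```python
"""Added example (not the presentation's or Guardian's code): staged active response
driven by Snort fast-alert lines and guarded by a whitelist; all values are constructed."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Fields used from a Snort alert_fast line: ... [Priority: N] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
                      r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

WHITELIST = [ip_network("192.168.1.0/24")]  # assumed: the lab's own hosts, never blocked
STAGES = [(10, "DROP"), (3, "LIMIT")]       # assumed alert-count thresholds, highest first

def parse_alert(line):
    """Return the addressing fields of one alert line, or None for non-alert lines."""
    m = ALERT_RE.search(line)
    return None if m is None else {"src": m["src"], "dst": m["dst"],
                                   "dport": int(m["dport"]), "prio": int(m["prio"])}

def is_whitelisted(ip):
    return any(ip_address(ip) in net for net in WHITELIST)

def plan_response(lines):
    """Map each non-whitelisted source to the highest stage its alert count reached."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert and not is_whitelisted(alert["src"]):
            counts[alert["src"]] += 1
    return {src: next(stage for threshold, stage in STAGES if n >= threshold)
            for src, n in counts.items() if n >= STAGES[-1][0]}

def iptables_commands(actions):
    """Stages -> iptables commands. Each rule is inserted at the top of FORWARD, so for
    LIMIT the DROP goes in first and the rate-limited ACCEPT lands above it."""
    cmds = []
    for src, stage in sorted(actions.items()):
        cmds.append(f"iptables -I FORWARD 1 -s {src} -j DROP")
        if stage == "LIMIT":  # leak a little traffic instead of cutting the source off
            cmds.append(f"iptables -I FORWARD 1 -s {src} -m limit --limit 10/minute -j ACCEPT")
    return cmds

def constructed_alerts(src, n, dport=22):
    """Constructed lines in Snort alert_fast layout (not real captures)."""
    return [f"01/15-12:00:{i:02d}.000000  [**] [1:1000001:1] LOCAL SSH login attempts [**] "
            f"[Classification: Attempted Admin Privilege Gain] [Priority: 1] {{TCP}} "
            f"{src}:{40000 + i} -> 172.16.0.10:{dport}" for i in range(n)]

SAMPLE = (constructed_alerts("10.0.0.5", 12) + constructed_alerts("10.0.0.7", 4) + ["not an alert line"]
          + constructed_alerts("192.168.1.20", 20) + constructed_alerts("10.0.0.9", 1))
```

Running `iptables_commands(plan_response(SAMPLE))` yields a plain DROP for the 12-alert source, a rate-limited ACCEPT over a DROP for the 4-alert source, and nothing for the whitelisted or single-alert sources.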

Data / Results

References
- “Design of an Autonomous Anti-DDoS Network” by Angel Cearns

This is the last slide
- There are no further slides after this slide.
- No, really.
- You may now ask questions
- They will be answered with questionable sincerity