Presentation is loading. Please wait.

Presentation is loading. Please wait.

Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy."— Presentation transcript:

1 Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy

2 Log Analysis (Windows And linux) What is log analysis? Describes an event (or) process activity in detail on the system. Examples : user authentication event log ftp authentication.

3 Setup for LogAnalysis Application Log Specific to particular application. eg:MS word,Windows Media Player Security Log Specifically logs all the security features. System Log Logs all the system related activities.

4 Linux Auditing Sysklog Metalog LogRotater Basic Linux Auditing Syslogd: Gives information about the general activities about the Kernel,Mails,Process and Remote logins.

5 Intrusion Detection Systems (IDS) What is an intrusion Detection System (IDS)? Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent Example : Snort

6 Steps to setup IDS Installation of snort Creation of Snort configuration files Creation of rules Testing of rules

7 Operation of Snort

8 Using Snort in Different Scenarios Ping nmap Scan Utility Subseven Trojan Telnet Internet Explorer

9 SNORT AS A SNIFFER

10 Starting snort to sniff the data on the network.

11 Pinging the server from the client and sniffing data on server by snort.

12 Traffic dump for Linux using snort

13 Output for the snort sniffed data

14 Adding preprocessor to the config files of Snort to filter port scanner.

15 Xmas scan using nmap

16 Alerts in Snort log files for Xmas Stealth activity.

17 Preprocessor to sniff Trojans activity (ettercap)

18 Creating snort config file to use detection engine

19 Starting the snort service with detection engine

20 Using Internet Explorer to detect directory traversal attack by snort

21 Alert for the Directory Traversal attack in snort alerts file

22 Creating the rules in snort to detect the subseven Trojan

23 Adding subseven rules to config file of snort

24 Starting the snort service with new subseven rule

25 Attacking the server with subseven Trojan

26 Alert log for the subseven Trojan detection

27 Subseven Trojan scenario on Linux

Download ppt "Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy."

Similar presentations

© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Installation & management of SUSE.

© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Installation & management of SUSE.
CN 8822. Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Packets and Protocols Chapter Seven Real World Packet Captures.

Packets and Protocols Chapter Seven Real World Packet Captures.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
Information Networking Security and Assurance Lab National Chung Cheng University Snort.

Information Networking Security and Assurance Lab National Chung Cheng University Snort.
Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.

Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.
CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,

CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,
Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.

USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.
IST346:  Information Security Policy  Monitoring and Logging.

IST346:  Information Security Policy  Monitoring and Logging.
Intrusion Detection System [Snort]

Intrusion Detection System [Snort]
1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

Similar presentations

Ads by Google