Presentation is loading. Please wait.

Presentation is loading. Please wait.

Greg Steen.  What is Snort?  Snort purposes  Where can it be used?

Published byOsborne Collins Modified over 9 years ago

Similar presentations

Presentation on theme: "Greg Steen.  What is Snort?  Snort purposes  Where can it be used?"— Presentation transcript:

1 Greg Steen

2  What is Snort?  Snort purposes  Where can it be used?

3  IDS/IPS  Sniffs & Logs packets based on rule set  When inline, can drop packets, thus IPS  Sniffer  Command-line packet sniffer  Packet Logger  Logs packets without a rule base.

4  Architecture  Where will Snort reside on a network?  Installation  Components  Snort- IDS/IPS  Barnyard- Processes output of Snort  Base- GUI to see the captured packets  MySQL- Stores packet information and run DML functions

5  Configuration files  Rules.conf  Snort.conf  Barnyard2.conf  Permission settings  Database  GUI

6  Rule writing  Sample rules  #pass tcp 192.168.1.106 any <> 91.189.88.40 any (msg:"allowed traffic for ubuntu updates";sid:1000011;)  alert icmp !10.1.0.0/16 any -> 10.1.1.0/16 any (msg: "Intrusion traffic";sid: 1000008;)  #drop tcp any 80 <> any 80 (msg:"Drop tcp all port 80";sid:1000014;)  Base lining the network  Important to monitor and establish what is acceptable traffic.

7  Data  What is collected.  Interpretation  Analysis  Uses for data

8  Summary  Snort is an open-source IDS/IPS  Designed to be available at no cost for those that want it  Many businesses can use Snort, small to large and it depends on the amount of maintenance desired to handle.

9

Download ppt "Greg Steen.  What is Snort?  Snort purposes  Where can it be used?"

Similar presentations

Network Intrusion Detection System Omar ISMAIL Internet Engineering Lab Graduate School of Information Science Nara Institute of Science and Technology.

Network Intrusion Detection System Omar ISMAIL Internet Engineering Lab Graduate School of Information Science Nara Institute of Science and Technology.
Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.

Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.

IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.
MONITORING TOOLS Open Source Security Tools to monitor your network.

MONITORING TOOLS Open Source Security Tools to monitor your network.
Introduction to Network Analysis and Sniffer Pro

Introduction to Network Analysis and Sniffer Pro
Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.

Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.
Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.

Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Introduction to Snort’s Working and configuration file

Introduction to Snort’s Working and configuration file
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Information Networking Security and Assurance Lab National Chung Cheng University Snort.

Information Networking Security and Assurance Lab National Chung Cheng University Snort.
Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy.

Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy.
CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,

CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Similar presentations

Ads by Google