IDS/IPS - Snort - 360CT Seminar 2
IDS - IPS 360CT

What is Snort?
Snort is an open source Intrusion Detection System/Intrusion Prevention System.
There is also a paid version of this for companies and other organizations.
Snort is an open source network intrusion prevention and detection system. It uses a flexible rules language to describe traffic that it should collect or pass.
Provides high speed (IDS/IPS).
Delivers real-time and zero-day protection from network and malicious attacks.
Security rules can be downloaded so Snort can remain up-to-date against known threats.
Snort is able to capture all traffic that passes through.
Stores packets as raw data for the network administrator to analyze the traffic.
Allows comparison of logs and system behaviour monitoring.
Snort has been downloaded 4 million times and has a community of 400,000 users.

How does an IDS/IPS work?
An IDS works with the firewall, which takes appropriate action such as blocking packets/source IP address.
An IPS goes one step further and helps prevent attacks as they occur.

IDS uses two detection types:
Signature based detection = stores signatures of the different types of attack.
Anomaly detection = an approach that uses predefined rules which can be set to define legitimate and suspicious activity.

How does Snort work?
Troubleshooting
Snort has packet sniffing capabilities to analyze traffic.
Packet sniffing allows an application or hardware device to eavesdrop on data.
The use of packet sniffing allows:
Network analysis and troubleshooting
Performance analysis and benchmarking
Eavesdropping for clear-text passwords and other interesting data

Snort operates in 3 different modes:
Sniffer mode
Packet Logger mode
IDS mode
Packet Sniffer: Lists packets that are detected in the network, listing detailed information in the console.
Packet Logger: Records data in a text file.
NIDS: Network Intrusion Detection System.

Protocols
Snort uses the TCP/IP protocol suite:
Data link layer (MAC addresses)
Network layer (IP/ICMP packets)
Transport layer (TCP/UDP packets)
Application layer (telnet, web browser, ftp client)

Strengths and weaknesses:
Rule based engine
One rule to rule them all
Free rules
Exploits can be tailored
False positives (time consuming)
Open source rules
Easy to create/modify
Multiple distros

Detects a number of attacks and probes such as:
Buffer overflow
Stealth port attacks
OS fingerprinting attempts

Employs numerous attack-detection technologies:
Deep packet inspection
Protocol anomaly analysis
TCP state verification

Detects strange activity such as:
Spoofed attack source addresses
Rogue services running over the network

Network diagram (no SNORT)
Security Network Diagram (SNORT)

Comparison solutions in regards to Snort:
Strata Guard
Honeypot Monitor
Straight packet sniffer, i.e. tcpdump
Network intrusion detection system. We, the ethical hacking students, feel this would be the best choice, as this ties in our knowledge to requirements.

Why Snort?
Security is an essential element of network monitoring.
Security is no longer limited to physical access to the network(s).

SNORT QUESTIONS?
Kiran
Emerson
Contact firstname.lastname@example.org

References
http://www.symantec.com/connect/articles/running-snort-part-2
http://www.pearsonhighered.com/samplechapter/0131407333.pdf
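The slides on Snort's three modes, its rule language and the two detection types can be tied together in a small working model. The Python below is an added example written for this transcript, not Snort's own code and not the presenters' material: it runs constructed packets through toy sniffer, packet-logger and IDS modes, parses a simplified rule syntax (a hypothetical subset that understands only the msg, content and sid options), and adds one predefined threshold rule that flags a source probing many ports on one host. The IP addresses, payloads, rule text and sids are all constructed, and the port-probe threshold is an assumption standing in for the "predefined rules" the anomaly-detection slide describes.

```python
"""Toy Snort-style engine: sniffer, packet logger and IDS modes over constructed
packets, with signature matching on a simplified rule language.
Added illustration for the seminar transcript, not Snort's code."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # transport layer: "tcp" or "udp"
    src: str        # network layer: source IP
    sport: int
    dst: str        # destination IP
    dport: int
    payload: bytes  # application-layer data


# Constructed sample traffic (not a real capture).
SAMPLE_PACKETS = [
    Packet("tcp", "10.0.0.5", 40211, "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("tcp", "10.0.0.5", 40212, "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", "10.0.0.9", 52000, "10.0.0.22", 23, b"login: admin\r\n"),
    Packet("udp", "10.0.0.7", 5353, "224.0.0.251", 5353, b"\x00\x00"),
]

# Simplified rule: action proto src sport -> dst dport (msg:"..."; content:"..."; sid:N;)
# Only msg, content and sid are parsed (hypothetical subset); "any" matches every value.
RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)'
    r'\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')
OPT_RE = re.compile(r'(\w+)\s*:\s*"?([^;"]*)"?\s*;')


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: bytes
    sid: str


def parse_rule(text: str) -> Rule:
    """Parse one rule line of the simplified syntax above."""
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unparseable rule: {text!r}")
    opts = dict(OPT_RE.findall(m["opts"]))
    return Rule(m["action"], m["proto"].lower(), m["src"], m["sport"], m["dst"],
                m["dport"], opts.get("msg", ""), opts.get("content", "").encode(),
                opts.get("sid", "0"))


def _field_ok(pattern: str, value) -> bool:
    return pattern == "any" or pattern == str(value)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Signature-based detection: header fields plus a content substring."""
    return (rule.proto in ("ip", pkt.proto)
            and _field_ok(rule.src, pkt.src) and _field_ok(rule.sport, pkt.sport)
            and _field_ok(rule.dst, pkt.dst) and _field_ok(rule.dport, pkt.dport)
            and rule.content in pkt.payload)


def sniff(packets) -> list:
    """Sniffer mode: one console line per packet with its decoded header fields."""
    return [f"{p.proto.upper()} {p.src}:{p.sport} -> {p.dst}:{p.dport} len={len(p.payload)}"
            for p in packets]


def log_records(packets) -> list:
    """Packet logger mode: header line plus the raw payload, as text records."""
    return [f"{line} payload={p.payload.hex()}" for line, p in zip(sniff(packets), packets)]


def write_log(packets, path: str) -> int:
    """Write the logger records to a text file; returns the number of packets logged."""
    with open(path, "w") as fh:
        fh.write("\n".join(log_records(packets)) + "\n")
    return len(packets)


def detect(packets, rules, scan_threshold: int = 5) -> list:
    """IDS mode: signature alerts, plus one predefined threshold rule (an assumption)
    that flags a source touching many distinct ports on a single host."""
    alerts = []
    ports_seen = defaultdict(set)
    for p in packets:
        for r in rules:
            if r.action == "alert" and rule_matches(r, p):
                alerts.append({"sid": r.sid, "msg": r.msg, "src": p.src, "dst": p.dst})
        ports_seen[(p.src, p.dst)].add(p.dport)
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= scan_threshold:
            alerts.append({"sid": "anomaly-portscan", "msg": f"{len(ports)} ports probed",
                           "src": src, "dst": dst})
    return alerts


# Constructed rules; the sids are placeholders, not real Snort rule ids.
SAMPLE_RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"WEB directory traversal attempt"; content:"../"; sid:1000001;)',
    'alert tcp any any -> any 23 (msg:"Clear-text telnet login prompt"; content:"login:"; sid:1000002;)',
)]

if __name__ == "__main__":
    for line in sniff(SAMPLE_PACKETS):
        print(line)
    for a in detect(SAMPLE_PACKETS, SAMPLE_RULES):
        print(f"[**] sid={a['sid']} {a['msg']} {a['src']} -> {a['dst']}")
```

Running the module prints one sniffer line per packet and then two alerts, one from each constructed rule; the second packet trips the traversal signature on port 80 and the third trips the telnet signature on port 23, while the multicast UDP packet matches nothing. The threshold rule only fires when one source has touched at least five distinct ports on one host, which is the kind of "stealth port" activity the strengths slide lists.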