Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

IDS/IPS - Snort - 360CT Seminar 2

No description

Dan Dan

on 8 March 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of IDS/IPS - Snort - 360CT Seminar 2

Brief Info Created in 2001

NIDS: Network Intrusion Detection System

Packet Sniffer: Lists packets that are detected in the network, listing detailed information in the console.

Packet Logger: Records data in a text file.

Honeypot Monitor. Security Network Diagram (SNORT) Comparison solutions in regards to Snort Strata Guard How does an IDS/IPS work? Signature based detection = stores signatures of the different types of attack

Anomaly detection = is an approach that uses predefined rules which can be set to define legitimate and suspicious activity. How Snort works? References http://www.symantec.com/connect/articles/running-snort-part-2







http://www.pearsonhighered.com/samplechapter/0131407333.pdf Troubleshooting Snort has packet sniffing capabilities to analyze traffic.

Packet sniffing allows an application or hardware device to eavesdrop on data

The use of packet sniffing allows: What is Snort? Snort is an open source Intrusion Detection System/Intrusion Prevention System

There is also a paid version of this for companies and other organizations.

Rule based engine

One rule to rule them all

Free rules exploits can be tailored

False positives (time consuming)
Open source rules

Easy to create/modify

Simple management

Multiple distros Network diagram (no SNORT) Weaknesses Strengths Detects a number of attacks and probes such as: Employes numerous attack-detection technologies: Detects strange activity such as: Snort operates in 3 different modes: IDS - IPS 360CT IDS uses two detection types: An IDS works with the firewall which takes appropriate action such as blocking packets/source IP address An IPS goes one step further and helps prevent attacks as they occur. Sniffer mode

Packet Logger mode

IDS mode Snort has been downloaded 4 million times and has a community of 400,000 users. Protocols Snort uses TCP/IP protocol.

Physical layer

Data link layer (MAC addresses)

Network layer (IP/ICMP packets)

Transport layer (TCP/UDP packets)

Application layer (telnet, web browser, ftp client) Network analysis and troubleshooting

Performance analysis and benchmarking

Eaves dropping for clear-text passwords and other interesting data. Uses a flexible rules language to describe traffic that should collect or pass. Snort is an open source network intrusion prevention and detection system Provides high speed (IDS/IPS)

Delivers real-time and zero-day protection from network and malicious attacks.

Signature based-behavior
Deep packet inspection
Protocol anomaly analysis

Spoofed attack source addresses
TCP state verification
Rogue services running over the network Security rules can be downloaded so Snort can remain up-to-date from known threats. Snort is able to capture all traffic that passes through.

Stores packets as raw data for network administrator to analyze the traffic.

Allows comparison of logs and system behaviour
monitoring. Buffer overflow
Stealth port attacks
CGI attacks
OS fingerprinting attempts
Straight packet sniffer i.e tcpdump.
Packet logger.
Network intrusion detection system. We, the ethical hacking
students, feel this would be the best choice, as this ties in our knowledge to
requirements Security is an essential element
of network monitoring Security is no longer
limited to physical
access to the network(s) Why Snort? SNORT QUESTIONS? Kiran
Emerson Contact patelk16@uni.coventry.ac.uk
Full transcript