Skip to main content

Posts

Showing posts from 2019

Mastering in Intrusion Detection System Part - 5

Monitoring the Hacking Attempts with Snort Introduction   Welcome to module 5 of this workshop, so far in this workshop, we have been playing on the command line. A line to help you monitor what snort is doing in the background. Let’s present the front end application which you can use to monitor the intrusion attempts captured by Snort. Pre-requisites    We strongly recommend that you should first complete the previous four modules before starting this module of the workshop.    Monitoring Packets with BASE stands for Basic Analysis and Security Engine. It is a web-based tool to display and filter all events captured by Snort. Download the BASE tool from link http://base.secureideas.net/.   BASE needs some other files and dependencies to work properly, and the first one is adodb, the PHP database abstraction library. Configure BASE   After installing the dependencies and the package, point your web browser to http://<your_snort_server>/base and ...
Read more

Mastering in Intrusion Detection System Part - 4

Configuring Snort as an Intrusion Prevention System Introduction In this module, we will focus on the Intrusion Prevention part of Snort. This would be a bit short script in comparison with the previous module of this workshop. Pre-requisites   It is highly recommended that you should first complete the installation of Snort (recommended on the normal machine) and completed the previous modules. Snort as Intrusion Prevention System (Inline Mode)      Considering the differences between IDS and IPS, the deployment of these two systems is designed according to their role in the network.   Intrusion Detection Systems plays the role of monitoring. They must be able to sniff the traffic that interests them while not compromise the overall network throughput. However, on the other hand, intrusion prevention systems must take immediate action to suspicious packets.   Now, the deployment needs to enable Intrusion Prevention System to look at each packet and de...
Read more

Mastering in Intrusion Detection System Part - 3

Configuring Snort as Intrusion Detection System Introduction  Welcome to the module 3 of this workshop, so far in this workshop, we have been learning about the Snort and its different components and the deployment modes. We have also gone through discussing the Snort architecture. In this module, we will be working to configure Snort as an Intrusion Detection System.    This would be a very quick module to help configure Snort with the easiest and way. However, you need to deep dive into its configuration to enhance your skills further in configuring Snort as per your network requirements. Pre-requisites It is strongly recommended that you should first complete the previous two modules before starting this module. Modes of Snort Snort operates or runs in the three basic modes (1) packet sniffer mode and (2) Network intrusion detection mode (3) Intrusion Prevention Mode. Packet sniffer mode means it can be used by simply logging the sniffed packets acting as a sniffer. Wh...
Read more