Transcript Slide 1

IDS/IPS Tools
Network Layout - 2008
[Diagram: attackers on the Internet reach the lab through an Internet Gateway and a UCSB tunnel; an Astaro IPS sits between the tunnel and a Switch that feeds a Test Vmware host (four Vuln VMs) and a Prod Vmware host (one Vuln VM). Hubs with Wireshark capture points sit on both sides of the IPS. A NAS provides file sharing; a special rule sends only traffic to/from the IPS to the file share, as chunked-up files.]
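One way to realise the "send only traffic to/from the IPS to file sharing, chunked up" rule from the diagram, as an added example that is not from the slides: tcpdump on the Wireshark tap host with a BPF filter on the IPS address and size-based file rotation onto the NAS mount. The IPS address 10.0.31.3 is taken from the later slide; the tap interface, NAS mount point, chunk size and file name are assumptions. The script prints the command rather than running it, so it can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the slides: capture only IPS traffic into rotated
# files on the NAS. Assumed values: TAP_IF, NAS_DIR, CHUNK_MB, file name.
IPS_IP="${IPS_IP:-10.0.31.3}"           # IPS address from the slide
TAP_IF="${TAP_IF:-eth0}"                # interface plugged into the hub (assumed)
NAS_DIR="${NAS_DIR:-/mnt/nas/captures}" # NAS share mounted locally (assumed)
CHUNK_MB="${CHUNK_MB:-100}"             # tcpdump -C unit is 1,000,000 bytes

# Reject a chunk size that is empty, non-numeric or zero: tcpdump would either
# refuse to start or never rotate, and one huge file defeats the chunking.
valid_chunk() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ]
}

# Build the capture command.
#   host $IPS_IP   BPF filter: packets whose source OR destination is the IPS,
#                  i.e. exactly "to/from IPS"; nothing else reaches the NAS.
#   -C CHUNK_MB    rotate when the file reaches CHUNK_MB million bytes;
#                  tcpdump names the chunks ips.pcap, ips.pcap1, ips.pcap2, ...
#   -z gzip        compress each finished chunk (post-rotate hook).
#   -s 0 -n        full packets, no name resolution on the tap host.
capture_cmd() {
    valid_chunk "$CHUNK_MB" || { echo "bad CHUNK_MB: $CHUNK_MB" >&2; return 1; }
    printf 'tcpdump -i %s -n -s 0 -C %s -z gzip -w %s/ips.pcap host %s\n' \
        "$TAP_IF" "$CHUNK_MB" "$NAS_DIR" "$IPS_IP"
}

# Dry run: show the command. Pipe it to sh (as root) to actually capture.
capture_cmd
```

Wireshark's own dumpcap offers the same rotation with `-b filesize:` and accepts the same BPF capture filter, so the filter string is what matters, not the tool. Write the chunks to the NAS rather than the tap host's disk so a long-running capture cannot fill the tap host and silently stop.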
Astaro
• DNAT/SNAT
• Firewall / iptables
• Snort IDS/IPS
• Easy to use web interface
• DNAT & SNAT Rules
– All incoming destination 10.0.31.3 translated to 192.168.1.3
– All outgoing source 192.168.1.3 translated to 10.0.31.3
• Problems: Not Free & Snort not as usable
[Diagram: UCSB Tunnel 10.0.31.3 ----- 192.168.1.1 IPS (Astaro) ----- Prod Vmware Vuln 192.168.1.3]
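The two Astaro NAT rules above expressed as Linux iptables rules, as an added example that is neither Astaro's configuration nor code from the slides. The addresses are the ones on the slide; the interface names (eth0 toward the UCSB tunnel, eth1 toward the Prod Vmware host) are assumed. The script prints the rules by default and only applies them when run with APPLY=1.

```shell
#!/bin/sh
# Added example, not from the slides: the Astaro 1:1 NAT as iptables rules.
# Assumed: WAN_IF (tunnel side, 10.0.31.x) and LAN_IF (192.168.1.x side).
PUBLIC_IP="10.0.31.3"     # address the attackers see, from the slide
PRIVATE_IP="192.168.1.3"  # vulnerable VM behind the IPS, from the slide
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
IPT="${IPT:-iptables}"

# Print the rule unless APPLY=1, so the ruleset can be reviewed before it
# touches a live firewall.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$IPT" "$@"; else printf '%s\n' "$IPT $*"; fi
}

# "All incoming destination 10.0.31.3 translated to 192.168.1.3":
# PREROUTING runs before the routing decision, so the rewritten packet is
# routed toward the LAN side.
dnat_rule() {
    run -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" \
        -j DNAT --to-destination "$PRIVATE_IP"
}

# "All outgoing source 192.168.1.3 translated to 10.0.31.3":
# needed for connections the VM itself opens (e.g. an attacker pulling a
# toolkit from the Internet after compromise). Replies to DNAT'd connections
# are un-translated by conntrack without this rule.
snat_rule() {
    run -t nat -A POSTROUTING -o "$WAN_IF" -s "$PRIVATE_IP" \
        -j SNAT --to-source "$PUBLIC_IP"
}

# NAT only rewrites addresses; FORWARD decides whether the packet passes.
# Note that FORWARD sees the post-DNAT destination (192.168.1.3), so the
# accept rule must name the private address, not 10.0.31.3.
forward_rules() {
    run -P FORWARD DROP
    run -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$PRIVATE_IP" \
        -m conntrack --ctstate NEW -j ACCEPT
    run -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$PRIVATE_IP" \
        -m conntrack --ctstate NEW -j ACCEPT
}

nat_rules() { dnat_rule; snat_rule; forward_rules; }

nat_rules
```

Run as `APPLY=1 sh nat.sh` (as root) once the printed rules look right; IP forwarding (`net.ipv4.ip_forward=1`) must also be on, otherwise the DNAT'd packets are dropped silently.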
• Open-source alternative to Astaro
• Used in transparent (bridge) mode
– Acts as a Layer-2 network bridge, invisible to both sides: no IP hop and no address translation
[Diagram: UCSB Tunnel 10.0.31.1 ----- Untangle - Network Bridge ----- Prod Vmware Vuln 10.0.31.3 (both ends keep their 10.0.31.x addresses)]
• Packet Filter
– iptables
• Firewall
– Stateful, session-based (TCP) filtering, egress filtering, etc.
• IPS/IDS
– Snort
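The transparent-bridge deployment and the packet-filter/firewall bullets above, as one added example that is not Untangle's own configuration and not code from the slides: a Linux host with two NICs in the position of the Untangle box. The bridge carries no IP address, so neither side can address it; the br_netfilter sysctl makes bridged frames traverse the iptables FORWARD chain, which is where the session-based and egress rules are enforced. Interface and bridge names, the list of vulnerable hosts, and the egress policy (DNS and HTTP/S only) are assumptions. The script prints the commands unless run with APPLY=1.

```shell
#!/bin/sh
# Added example, not from the slides: transparent bridge + stateful/egress
# firewall with iptables. Assumed: OUTSIDE_IF, INSIDE_IF, BRIDGE, VULN_HOSTS,
# and the egress policy.
OUTSIDE_IF="${OUTSIDE_IF:-eth0}"      # toward the UCSB tunnel (10.0.31.1)
INSIDE_IF="${INSIDE_IF:-eth1}"        # toward Prod Vmware (10.0.31.3)
BRIDGE="${BRIDGE:-br0}"
VULN_HOSTS="${VULN_HOSTS:-10.0.31.3}" # space-separated, from the slide
IPT="${IPT:-iptables}"

# Print unless APPLY=1, so the result can be reviewed before it goes live.
run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Build the bridge. No IP address is assigned to br0 or its ports, which is
# what makes the box "invisible to both sides".
bridge_setup() {
    run ip link add name "$BRIDGE" type bridge
    run ip link set "$OUTSIDE_IF" master "$BRIDGE"
    run ip link set "$INSIDE_IF" master "$BRIDGE"
    run ip link set "$OUTSIDE_IF" up
    run ip link set "$INSIDE_IF" up
    run ip link set "$BRIDGE" up
    # Without this, bridged traffic never enters iptables and every rule
    # below is silently bypassed.
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# Session-based filtering: only the first packet of a flow is checked against
# policy; later packets pass on conntrack state. INVALID catches packets
# that belong to no tracked session (stray RST/ACK scans and the like).
session_rules() {
    run "$IPT" -P FORWARD DROP
    run "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # Inbound: attackers may open new TCP sessions to the vulnerable VMs,
    # which is the point of the lab. physdev identifies the bridge port.
    for h in $VULN_HOSTS; do
        run "$IPT" -A FORWARD -m physdev --physdev-in "$OUTSIDE_IF" \
            --physdev-out "$INSIDE_IF" -d "$h" -p tcp \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Egress: a compromised VM must not be usable as a jump host. Assumed policy:
# it may only resolve names and fetch over HTTP/S; everything else it
# originates is logged (rate-limited) and dropped.
egress_rules() {
    for h in $VULN_HOSTS; do
        run "$IPT" -A FORWARD -m physdev --physdev-in "$INSIDE_IF" -s "$h" \
            -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
        run "$IPT" -A FORWARD -m physdev --physdev-in "$INSIDE_IF" -s "$h" \
            -p tcp -m multiport --dports 80,443 \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    run "$IPT" -A FORWARD -m physdev --physdev-in "$INSIDE_IF" \
        -m limit --limit 10/min -j LOG --log-prefix "EGRESS-DROP: "
    run "$IPT" -A FORWARD -m physdev --physdev-in "$INSIDE_IF" -j DROP
}

bridge_setup
session_rules
egress_rules
```

The egress rules come after the session rules on purpose: a VM's outbound connection to a host it is allowed to reach is admitted by the NEW rule, and its later packets by ESTABLISHED, while a lateral connection to another lab host never matches a NEW rule and hits the LOG/DROP pair. Relax the allowed ports if the lab wants attackers to be able to download their tooling; the logging rule then still shows what else they tried.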
• http://darkreading.com/blog/archives/2009/11/how_to_hack_a_b.html?cid=ref-true