Transcript PPT
Introduction Intrusion detection is a set of techniques and methods that are used to detect suspicious activity both at the network and host level. Snort is open source Network Intrusion Detection System(NIDS). Snort is Used for Scanning the data flowing on the network . Definitions IDS:-Intrusion Detection System or IDS is software, hardware or combination of both used to detect intruder activity. NIDS:- NIDS capture data packets traveling on the network media (cables, wireless) and match them to a database of signatures. HINDS:- Host-Based intrusion detection systems can look into system and application log files to detect any intruder activity. Signature:- Signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. Honey Pots:Process of NIDS:- Where IDS should be placed in Network Topology? IDS Policy Who will administer the IDS, rotate logs and so on? Who will handle incidents and how? What will be the escalation process? Reporting. Signature updates. Components of Snort Packet Decoder :- Prepares Packets for processing Preprocessors :- Normalizes protocol headers Detection Engine :- Applies the rules to packets Logging and Alerting System :- Generates alerts and Log messages. Output Modules :- Process alerts and logs and generates final output. Components OF Snort Supported Platforms Snort is supported on a number of hardware platforms and operating systems. Currently Snort is available for the following operating systems: • Linux • OpenBSD • NetBSD • Solaris (both Sparc and i386) • HP-UX • AIX • IRIX • MacOS • Windows Snort Installation Scenarios Typical Snort installations may vary depending upon the environment where you are installing it. Some of the typical installation schemes are Test Installation Single Sensor Production IDS Single Sensor with Network Management System Integration Single Sensor with Database and Web Interface After Installation Processes Now that you have built Snort binary, you have to do few things before you can start using Snort. These include: 1. Create directory /var/log/snort where Snort creates log files by default. 2. Create a directory to save configuration files 3. Create or copy the Snort configuration file in recently created directory. 4. Create a directory and copy default rule files to directory. The path of this directory is mentioned in the main snort.conf file and you can create a directory of your own choice if you like. Advantages of Snort Snort’s open source network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, Conclusion Snort is open source Network-Based Intrusion Detection System. Snort is supported on number of hardware platforms and operating systems. A comprehensive working Snort system utilizes tools to provide a web-based user interface with a backend databases. QUESTIONS