Transcript PPT

Introduction
Intrusion detection is a set of techniques and
methods that are used to detect suspicious
activity both at the network and host level.
Snort is an open source Network Intrusion Detection System (NIDS).
Snort is used for scanning the data flowing on the network.
Definitions
IDS:- An Intrusion Detection System or IDS is software, hardware
or a combination of both used to detect intruder activity.
NIDS:- A NIDS captures data packets traveling on the network
media (cables, wireless) and matches them to a database of
signatures.
HIDS:- Host-based intrusion detection systems can look into
system and application log files to detect any intruder activity.
Signature:- A signature is the pattern that you look for inside a
data packet. A signature is used to detect one or multiple types
of attacks.
Honey Pots:-
Process of NIDS:-
Where should the IDS be placed in the network topology?
IDS Policy
Who will administer the IDS, rotate logs and so
on?
Who will handle incidents and how?
What will be the escalation process?
Reporting.
Signature updates.
Components of Snort
Packet Decoder :- Prepares packets for processing.
Preprocessors :- Normalize protocol headers.
Detection Engine :- Applies the rules to packets.
Logging and Alerting System :- Generates alerts and log messages.
Output Modules :- Process alerts and logs and generate the final output.
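The signature definition above and the decoder -> detection engine -> alerting pipeline, modelled as an added Python example that is not part of the slides or of Snort itself: it parses a simplified Snort rule (assumption: only the msg, content, sid and rev options are handled) and applies the rules to constructed, already-decoded packets to produce alert lines.

```python
import re
from collections import namedtuple
# Assumption: simplified Snort rule syntax with only msg/content/sid/rev options, e.g.
#   alert tcp any any -> any 80 (msg:"..."; content:"..."; sid:1000001; rev:1;)
HEADER = re.compile(
    r"^(?P<action>alert|log|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$")
Rule = namedtuple("Rule", "action proto sport dport msg contents sid")  # contents: all must match

def parse_rule(text):
    """Parse one rule line into its header fields and options."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError("malformed rule: " + text)
    opts, contents = {}, []
    for opt in filter(None, (o.strip() for o in m["opts"].split(";"))):
        key, _, val = opt.partition(":")
        val = val.strip().strip('"')
        if key == "content":
            contents.append(val.encode())
        else:
            opts[key] = val
    return Rule(m["action"], m["proto"], m["sport"], m["dport"],
                opts.get("msg", ""), contents, int(opts["sid"]))

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def detect(rules, packets):
    """Detection engine: apply every rule to every decoded packet, return alert lines."""
    alerts = []
    for p in packets:
        for r in rules:
            if (r.proto == p["proto"] and port_ok(r.sport, p["sport"])
                    and port_ok(r.dport, p["dport"])
                    and all(c in p["payload"] for c in r.contents)):
                alerts.append(f"[1:{r.sid}] {r.msg} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}")
    return alerts

# Constructed sample rules and decoded packets (not captured traffic).
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"WEB cmd.exe access"; content:"cmd.exe"; sid:1000001; rev:1;)',
    'alert udp any any -> any 53 (msg:"DNS query for example"; content:"example"; sid:1000002; rev:1;)')]
PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51000, "dst": "10.0.0.80", "dport": 80,
     "payload": b"GET /scripts/cmd.exe?/c+dir HTTP/1.0\r\n"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51001, "dst": "10.0.0.80", "dport": 443,
     "payload": b"cmd.exe"},  # same content on port 443: the rule header does not apply
    {"proto": "udp", "src": "10.0.0.5", "sport": 40000, "dst": "10.0.0.53", "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01\x07example\x04test\x00"}]
```

Running `detect(RULES, PACKETS)` yields one alert for the HTTP packet and one for the DNS packet; the port 443 packet shows that the rule header is checked before the content match.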
Supported Platforms
Snort is supported on a number of hardware
platforms and operating systems. Currently Snort is
available for the following operating systems:
• Linux
• OpenBSD
• NetBSD
• Solaris (both Sparc and i386)
• HP-UX
• AIX
• IRIX
• MacOS
• Windows
Snort Installation Scenarios
Typical Snort installations vary depending upon the environment
where you are installing it. Some of the typical installation
schemes are:
Test Installation
Single Sensor Production IDS
Single Sensor with Network Management System Integration
Single Sensor with Database and Web Interface
After Installation Processes
Now that you have built the Snort binary, you have to do a few
things before you can start using Snort. These include:
1. Create the directory /var/log/snort, where Snort creates log files by
default.
2. Create a directory to save configuration files.
3. Create or copy the Snort configuration file into the newly created
directory.
4. Create a directory and copy the default rule files into it. The path of
this directory is set in the main snort.conf file, and you can
create a directory of your own choice if you like.
Advantages of Snort
Snort’s open source network-based intrusion detection
system (NIDS) has the ability to perform real-time
traffic analysis and packet logging on Internet Protocol
(IP) networks.
Snort performs protocol analysis, content searching,
and content matching.
The program can also be used to detect probes or attacks.
Conclusion
Snort is an open source Network-Based Intrusion Detection System.
Snort is supported on a number of hardware platforms and
operating systems.
A comprehensive working Snort system utilizes tools to provide
a web-based user interface with a backend database.
QUESTIONS