1 SNORT Biopsy: A Forensic Analysis on Intrusion Detection System By Asif Syed Chowdhury

2 What is intrusion detection?
“A true intrusion detection is simply trying to detect the signs of a network intruder before damage is done to the infrastructure.”
A basic example of an intrusion detection mechanism would be to review system logs for suspicious activities. Examples: network logs, server logs, Internet security monitor logs and even Windows Event Viewer logs.

3 There are two key types of IDS:
- Host-based intrusion detection (HIDS): A HIDS might look at the state of a system and its stored information, whether in RAM, in the file system, in log files or elsewhere, and check that the contents of these appear as expected.
- Network-based intrusion detection (NIDS): A NIDS determines when unauthorized people are attempting to break into the network and alerts the security personnel. NIDS is the final layer of intrusion detection.

4 Why Snort as a NIDS?
- It is an open source IDS and thus cost effective.
- It is platform independent.
- It is very flexible and easily deployable.
- The rules and signatures are frequently updated.
- It is the most popular open source IDS in the world!

5 SNORT Biopsy begins. But first, let's see what a hacker does.
The 6 Rules of Hacking
1. Footprinting
2. Scanning
3. Enumeration
4. Gaining Access
5. Escalating
6. Covering Tracks

6 Snort Installation
- Configuration of snort.conf
- ADOdb for database connectivity
- BASE for the front-end GUI
- MySQL or SQL Server as the back-end database
- PHP to support the BASE front end
- WinPcap

7 The Duo
Signature: A network IDS signature is a pattern that we want to look for in traffic.
Example: a denial of service attack on a POP3 server caused by issuing the same command thousands of times. One signature for this attack would be to keep track of how many times the command is issued and to alert when that number exceeds a certain threshold.
Rules: a rule performs some degree of matching against a packet or stream of packets and is designed to alert an operator to a network event of interest. This network event is usually identified as suspicious or malicious activity, but some of the network events could be false positives.
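The POP3 threshold signature described on this slide, written out as detection logic over a constructed sample stream. This is an added example, not code from the presentation or from Snort; the sample source addresses, the command cadence and the threshold of 100 commands in 60 seconds are assumptions chosen for illustration. Snort itself expresses this kind of per-source rate threshold with the detection_filter rule option; the function below shows the same idea in plain Python so the window arithmetic is visible.

```python
from collections import defaultdict, deque


def detect_command_flood(events, command, threshold, window):
    """Signature: alert when `command` is issued by one source more than
    `threshold` times inside any `window`-second interval.

    events: iterable of (timestamp_seconds, source_ip, pop3_command_line),
            ordered by timestamp as a NIDS would see them on the wire.
    Returns a list of (timestamp, source_ip, count) alerts, at most one per
    source, so a sustained flood does not turn into an alert storm.
    """
    recent = defaultdict(deque)   # source_ip -> timestamps inside the window
    alerts = []
    already_alerted = set()
    for ts, src, line in events:
        verb = line.split(" ", 1)[0].upper()   # POP3 verbs are case-insensitive
        if verb != command:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:        # slide the window forward
            q.popleft()
        if len(q) > threshold and src not in already_alerted:
            alerts.append((ts, src, len(q)))
            already_alerted.add(src)
    return alerts


def build_sample(flood_spacing=0.1):
    """Constructed sample: one normal login from 10.0.0.5 and 150 repeated
    USER commands from 10.0.0.9 spaced `flood_spacing` seconds apart."""
    events = [(0.0, "10.0.0.5", "USER alice"),
              (0.3, "10.0.0.5", "PASS secret"),
              (0.5, "10.0.0.5", "STAT")]
    events += [(1.0 + i * flood_spacing, "10.0.0.9", "USER bob")
               for i in range(150)]
    return sorted(events)


if __name__ == "__main__":
    # A tight flood trips the signature; the same 150 commands spread one
    # second apart never exceed 100 inside a 60-second window, so no alert.
    for spacing in (0.1, 1.0):
        found = detect_command_flood(build_sample(spacing), "USER", 100, 60)
        print(f"spacing={spacing}s alerts={found}")
```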

8 Implementation
There are many different ways an IDS can be installed. One of the more recent approaches is to implement it as “Software as a Service”.

13 Five Common IDS Implementation Mistakes
- Ignoring frequent false positives
- Avoiding IPsec to support NIDS
- Monitoring only inbound connections
- Using shared network resources to gather NIDS data
- Trusting IDS analysis to non-expert analysts

14 The Future
Creating an IDS that can prevent an intrusion from happening before the network system is compromised.
- AI.
- Improved algorithms to perform pattern matching.

15 Conclusion
Ultimately, I think that future IDS will merge all of the independent network components and tools which exist today into a complete and cooperative system, dedicated to keeping networks stable. There will be many distributed elements performing specific jobs, each passing the results on to a higher level for correlation and analysis. As always, the ultimate authority will be our own judgment.
