Information Networking Security and Assurance Lab National Chung Cheng University Analysis Console for Intrusion Databases.

Presentation transcript:

1 Information Networking Security and Assurance Lab National Chung Cheng University Analysis Console for Intrusion Databases

2 Description: ACID (Analysis Console for Intrusion Databases)

3 Objective
  Set up ACID, MySQL and Snort
  Super alert analyzer
  Performance benchmarking of ACID

4 About ACID
  Query builder and search interface
  Packet viewer (decoder)
  Alert management
  Chart and statistics generation
  Centralized control

5 System overview: ACID + Snort + MySQL

6 Distributed IDS with centralized control: several Snort sensors log into one database, and ACID queries that database (diagram: ACID, DB)

7 Prerequisites
  A database
    Package: MySQL   Version: 3.23.x+   Homepage: http://www.mysql.com/
  A mechanism that writes alerts into the database
    Package: Snort   Version: 1.7+   Homepage: http://www.snort.org/
  The language ACID is written in
    Package: PHP   Version: 4.0.4+   Homepage: http://www.php.net/
  A web server
    Package: Apache   Version: 1.3.*+   Homepage: http://www.apache.org/
  PHP database access API
    Package: ADODB   Homepage: http://php.weblogs.com/adodb/
  Graphing libraries (for the chart and statistics pages)
    Package: PHPlot   Homepage: http://www.phplot.com
    Package: JPGraph   Homepage: http://www.aditus.nu/jpgraph/
    Package: GD   Homepage: http://www.boutell.com/gd/

8 Install ACID and Snort
  Download ACID from http://www.andrew.cmu.edu/user/rdanyliw/snort/snortacid.html
  Decompress acid-0.9.6b23.tar.gz
  Move ACID to your web directory

9 Setting up the database in MySQL
  Create the database
  Create a user and assign privileges
  Create the snort tables

10 Modify the ACID config files: edit acid_conf.php

11 Connect to the sensor manager: open http://192.168.1.101/acid/acid_conf.php

12 Set up the Snort output module: edit /etc/snort/snort.conf
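The configuration steps of slides 9 to 12 (database and account, acid_conf.php, the Snort database output line) as shell functions, added here as an example; this is not code from the slides, from ACID or from Snort. The database name snort, the user snort, the password s3cret and the sample acid_conf.php contents are assumed placeholders, and the assumption that the snort tables are created afterwards with Snort's contrib/create_mysql script and ACID's acid_db_setup.php is mine, so that part is not reproduced.

```shell
#!/bin/sh
# Added example, not code from the slides, ACID or Snort. It scripts the three
# configuration steps of the setup: the MySQL database and account, the
# acid_conf.php settings, and the Snort database output line.
# Assumed placeholders: database "snort", DB user "snort", password "s3cret".

# Step 1: SQL for "create database, create user and assign privileges".
# Table creation is assumed to be done afterwards with Snort's
# contrib/create_mysql script and ACID's acid_db_setup.php, so it is not
# reproduced here. One account serves both sensor and console for brevity;
# for least privilege give the sensor INSERT,SELECT only and keep
# UPDATE,DELETE,CREATE for the console account.
snort_db_sql() {
  db=$1; user=$2; pass=$3
  printf 'CREATE DATABASE %s;\n' "$db"
  printf "GRANT INSERT,SELECT,UPDATE,DELETE,CREATE ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
    "$db" "$user" "$pass"
  printf 'FLUSH PRIVILEGES;\n'
}
# Usage on the DB host:  snort_db_sql snort snort s3cret | mysql -u root -p

# Step 2: rewrite one `$name = "value";` assignment in acid_conf.php.
# (Values containing | or & would need extra escaping for sed.)
acid_conf_set() {
  file=$1; key=$2; value=$3
  sed "s|^\(\\\$$key[[:space:]]*=[[:space:]]*\)\"[^\"]*\";|\1\"$value\";|" "$file" > "$file.tmp" \
    && mv "$file.tmp" "$file"
}
# Read one assignment back (used to verify the edit).
acid_conf_get() {
  sed -n "s|^\\\$$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1"
}

# Step 3: the Snort 1.x database output plugin line. The first argument
# ("log") selects which Snort facility is stored in the database.
snort_output_line() {
  # args: dbname user password host
  printf 'output database: log, mysql, user=%s password=%s dbname=%s host=%s\n' "$2" "$3" "$1" "$4"
}
snort_conf_add_output() {
  file=$1; shift
  line=$(snort_output_line "$@")
  grep -qF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
  chmod 600 "$file"   # the line carries the DB password in clear text
}

# Demo on constructed copies of the two config files (run: sh setup.sh demo).
demo() {
  dir=$(mktemp -d)
  cat > "$dir/acid_conf.php" <<'EOF'
<?php
$DBlib_path = "./adodb";
$DBtype = "mysql";
$alert_dbname   = "snort_log";
$alert_host     = "localhost";
$alert_user     = "root";
$alert_password = "mypassword";
?>
EOF
  : > "$dir/snort.conf"
  acid_conf_set "$dir/acid_conf.php" alert_dbname snort
  acid_conf_set "$dir/acid_conf.php" alert_user snort
  acid_conf_set "$dir/acid_conf.php" alert_password s3cret
  snort_conf_add_output "$dir/snort.conf" snort snort s3cret localhost
  snort_db_sql snort snort s3cret
  cat "$dir/acid_conf.php" "$dir/snort.conf"
  rm -r "$dir"
}
case "${1:-}" in demo) demo ;; esac
```

Both acid_conf.php and snort.conf end up holding the database password, which is why the script tightens the mode on snort.conf; acid_conf.php sits under the web root, so also make sure the web server does not serve it as plain text.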

13 Test environment: ran for three days and three nights …

14 Enjoy the results: open http://192.168.1.101/acid/

15 More analysis
  5 most frequent alerts (alert listing)
  15 most frequent alerts (unique source)
  Time profile of alerts
    Last 24 hours
    Last 72 hours
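The "most frequent alerts" and "most frequent source" reports above, and the alert/source counts of the unique alert listing on slide 17, reproduced from Snort's plain-text fast alert output as an added example (not code from the slides or from ACID). It is a cross-check of the console's numbers, or a fallback when the database is down. The alert lines are constructed sample data in Snort's fast alert format, not real traffic; since that format carries no year, the 24/72-hour time profiles are not attempted here.

```shell
#!/bin/sh
# Added example, not code from the slides or ACID. Reproduces ACID's
# most-frequent-alerts and most-frequent-source reports from Snort's fast
# alert output (snort -A fast). Sample input below is constructed.

# Most frequent N signatures, with the number of alerts and the number of
# distinct source addresses per signature, the two counts ACID's unique
# alert listing shows next to each signature.
top_signatures() {
  awk '
    # the signature text sits between "[**] [gid:sid:rev] " and the next " [**]"
    match($0, /\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\] /) {
      rest = substr($0, RSTART + RLENGTH)
      n = index(rest, " [**]")
      sig = n ? substr(rest, 1, n - 1) : rest
      src = ""
      # the source address follows the "{PROTO} " tag; the port, if any, is dropped
      if (match($0, /\} [0-9.]+/)) src = substr($0, RSTART + 2, RLENGTH - 2)
      alerts[sig]++
      if (!((sig, src) in seen)) { seen[sig, src] = 1; sources[sig]++ }
    }
    END { for (s in alerts) printf "%d\t%d\t%s\n", alerts[s], sources[s], s }
  ' | sort -rn | head -n "${1:-5}"
}

# Most frequent N source addresses (ACID's "most frequent addresses: source").
top_sources() {
  awk 'match($0, /\} [0-9.]+/) { n[substr($0, RSTART + 2, RLENGTH - 2)]++ }
       END { for (a in n) printf "%d\t%s\n", n[a], a }' | sort -rn | head -n "${1:-15}"
}

# Constructed sample in Snort fast alert format (not real traffic).
sample_alerts() {
  cat <<'EOF'
03/21-10:01:22.123456  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.50:3201 -> 192.168.1.101:80
03/21-10:02:05.004210  [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.7:1234 -> 192.168.1.101:1434
03/21-10:03:40.778001  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.50:3202 -> 192.168.1.101:80
03/21-10:05:11.300500  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 172.16.0.9 -> 192.168.1.101
03/21-10:06:59.912345  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:4000 -> 192.168.1.101:80
03/21-10:07:30.000111  [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.7:1235 -> 192.168.1.101:1434
EOF
}

# Demo (run: sh reports.sh demo); on a sensor use e.g.
#   top_signatures 5  < /var/log/snort/alert
case "${1:-}" in
  demo) sample_alerts | top_signatures 5; echo; sample_alerts | top_sources 15 ;;
esac
```

Counting distinct sources per signature, not just alerts, is what separates one noisy scanner from a worm spreading across many hosts; on the sample the CodeRed signature shows 3 alerts from 2 sources while the MS-SQL worm alerts all come from one host.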

16 Performance benchmarking of ACID (page loading time)
  Test bed of the cited benchmark (reference on slide 20):
    Host: Intel Mobile 800 MHz, 256 MB RAM
    OS: Linux 2.2.16-22
    Apache: 1.3.19
    PHP: 4.0.5
    MySQL: 3.23.32
    PostgreSQL: 7.1.2
    DB schema: v102
    ACID: 0.9.6b10 - 0.9.6b13
  Note that these figures are for ACID 0.9.6b10 to 0.9.6b13, earlier than the 0.9.6b23 installed on slide 8.

17 I. Unique alert listing (acid_stat_alerts.php)

18 II. ACID main page (acid_main.php)

19 Summary

20 References
  Performance Benchmarking of ACID, http://www.andrew.cmu.edu/user/rdanyliw/snort/perf/acid_perf.html
  NIST, Intrusion Detection Systems

21 Appendix A: Passive Ethernet tap
  (diagram: traffic in / traffic out / IDS)
  http://www.snort.org/docs/tap/
