Snort Intrusion detection system Charles Beckmann Anthony Magee Vijay Iyer.

1 Snort Intrusion detection system Charles Beckmann Anthony Magee Vijay Iyer

2 Topics
- Software
- Setup
- Motivations
- Rules
- Performance
- Collected Data
- References

3 Software
- Debian 5.0 - Robust and stable platform with large community support
- IPtables - Popular and preferred on Debian
- Snort - Open source, mature, rule driven IDS
- Guardian Active Response - Active firewall modification scripts for several firewall programs (not to be confused with DansGuardian)

4 Snort
- Network intrusion detection and prevention system (IDS)
- Analyzes incoming traffic for signs of attack
- Protocol analysis
- Heuristic content matching
- Rule based
- Report generation

5 Guardian Active Response
- Designed for Snort
- Whitelist for preventing unwanted blocking
- Written in Perl
- Supports watching multiple IPs

6 IPtables
- Default firewall controller for Debian
- Simple to use
- Provides fine grained control when needed
- Example rule to drop all MySQL traffic to a specific machine (the destination address is missing from the slide; <machine-ip> is a placeholder):

  iptables -A FORWARD -p tcp -m tcp -s 0.0.0.0/0 -d <machine-ip> --dport 3306 -m state --state NEW -j DROP
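The slide's rule with its destination filled in, as an added example (not from the slides or from Guardian): a small POSIX sh helper that checks the address is a dotted-quad IPv4 and is not on a whitelist before emitting the rule. The whitelist entries are constructed sample values, and the rule is only printed (dry run), so nothing changes until the operator pipes the output into sh.

```shell
#!/bin/sh
# Added example, not from the slides: build the "drop MySQL to one machine"
# rule for a given host. Returns the rule as text instead of applying it.

WHITELIST="192.168.1.10 192.168.1.11"   # constructed sample values

is_ipv4() {
    # four octets, each 0-255
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr . ' '); do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

is_whitelisted() {
    for w in $WHITELIST; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

block_mysql_to() {
    host="$1"
    is_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    is_whitelisted "$host" && { echo "refusing: $host is whitelisted" >&2; return 2; }
    # Same rule as the slide with -d filled in; "--state NEW" means only new
    # connections are dropped, packets of already established ones still pass.
    echo "iptables -A FORWARD -p tcp -m tcp -s 0.0.0.0/0 -d $host --dport 3306 -m state --state NEW -j DROP"
}

# Usage: block_mysql_to 10.0.0.7 | sh   (run the output only when satisfied)
```

The whitelist check mirrors the Guardian design point on the next slide: an automated responder must refuse to block hosts the operator has declared off limits.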

7 Motivations: Why do we need Snort?
- Many forms of attack can go completely undetected by casual observation
- Many modern attacks, such as DDOS, are impossible to prevent or contain using static firewall rules
- We need a cheap and automated solution

8 Motivations: Why use Guardian?
- Uses snort logs to dynamically block threats

9 SNORT Network Configuration

10 Setup & Integration
- Installed on a dedicated machine: The Acronym Friendly Vast Lab Intrusion Detection and Prevention System (AFVLIDPS)
- Passive connection to hub sniffs incoming traffic without incurring additional delay
- There is a delay, however, between the start of the attack and the Guardian response

11 Rules
- Avoid service interruptions due to false positives
- Creating rules requires nontrivial amounts of data and analysis
- Quality of Service
  - Restrict to times of day
  - Restrict based on attack frequency
  - Staged restrictions

12 Performance
- Guardian can read the logs quickly
- MySQL logs are used to view reports and do not affect speed of system
- QoS - Quality of Service
  - Block all potentially harmful traffic?
  - Limit harmful traffic?
  - Leak a little traffic from harmful sources?
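Slides 8, 11 and 12 describe the responder loop: read Snort's alert log, respect a whitelist, act only inside a time window, escalate with attack frequency, and choose between dropping and merely limiting a source. The following Python is an added example written for this page, not Guardian's own code: it parses Snort `alert_fast` lines, counts alerts per source in a sliding window, and escalates in two stages (rate-limit, then full drop). The `GUARDIAN` chain, the thresholds and the sample alerts are assumptions made here, and the iptables commands are returned as strings rather than executed.

```python
"""Guardian-style active response, written as an added example for these
slides (not Guardian's own code). Reads Snort alert_fast lines, skips
whitelisted sources, counts alerts per source in a sliding window and
escalates in stages: rate-limit first, full drop after more hits. iptables
commands are returned as strings (dry run), never executed. The GUARDIAN
chain, thresholds and sample alerts are all assumptions made here."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Snort alert_fast layout (timestamp carries no year; the caller supplies one)
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Stage 1 leaks a trickle from the source ("leak a little traffic"); stage 2
# removes the leak so the DROP appended behind it takes everything. GUARDIAN
# is a user chain assumed to be hooked into FORWARD by the operator.
LIMIT_ACCEPT = "iptables -A GUARDIAN -s {src} -m limit --limit 10/min --limit-burst 5 -j ACCEPT"
DROP_ALL = "iptables -A GUARDIAN -s {src} -j DROP"


def _clock(s):
    return datetime.strptime(s, "%H:%M:%S").time()


class Responder:
    def __init__(self, whitelist, window_s=60, limit_after=3, drop_after=6,
                 active_hours=("00:00:00", "23:59:59")):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.window_s = window_s
        self.limit_after = limit_after
        self.drop_after = drop_after
        self.active_hours = tuple(_clock(s) for s in active_hours)  # act only inside
        self.hits = defaultdict(deque)        # src -> alert timestamps in window
        self.stage = {}                       # src -> "limit" | "drop"

    def is_whitelisted(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.whitelist)

    def in_active_hours(self, ts):
        start, end = self.active_hours
        t = ts.time()
        if start <= end:
            return start <= t <= end
        return t >= start or t <= end         # window that wraps midnight

    def handle(self, line, year=2010):
        """Return the iptables commands (possibly none) that one alert triggers."""
        m = ALERT_RE.match(line)
        if not m:
            return []                         # not an alert line; ignore it
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        src = m["src"]
        if self.is_whitelisted(src) or not self.in_active_hours(ts):
            return []
        q = self.hits[src]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > self.window_s:
            q.popleft()                       # forget hits outside the window
        n = len(q)
        if n >= self.drop_after and self.stage.get(src) != "drop":
            was_limited = self.stage.get(src) == "limit"
            self.stage[src] = "drop"
            if was_limited:                   # delete the leak; DROP rule remains
                return [LIMIT_ACCEPT.format(src=src).replace("-A", "-D", 1)]
            return [DROP_ALL.format(src=src)]
        if n >= self.limit_after and src not in self.stage:
            self.stage[src] = "limit"
            return [LIMIT_ACCEPT.format(src=src), DROP_ALL.format(src=src)]
        return []


def run_alerts(responder, lines):
    """Feed every line through the responder and collect emitted commands."""
    cmds = []
    for line in lines:
        cmds.extend(responder.handle(line))
    return cmds


# Constructed sample alerts (not real Snort output): one host probing MySQL
# six times in six seconds, one whitelisted host, and a non-alert log line.
_PROBE = ("03/14-12:00:{s:02d}.000001  [**] [1:1000001:1] MySQL probe [**] "
          "[Priority: 2] {{TCP}} 10.0.0.5:4444 -> 192.168.1.10:3306")
SAMPLE_ALERTS = [_PROBE.format(s=s) for s in range(1, 7)] + [
    "03/14-12:00:03.500000  [**] [1:1000001:1] MySQL probe [**] "
    "[Priority: 2] {TCP} 192.168.1.20:5555 -> 192.168.1.10:3306",
    "Initializing rule chains...",
]

if __name__ == "__main__":
    r = Responder(whitelist=["192.168.1.0/24"])
    for cmd in run_alerts(r, SAMPLE_ALERTS):
        print(cmd)
```

Run as a script it prints three commands for 10.0.0.5: the limit/drop pair after the third alert and the deletion of the limited ACCEPT after the sixth, while the whitelisted 192.168.1.20 never appears. Keeping the response as a staged decision rather than an immediate DROP is what makes the false-positive concern on slide 11 manageable: a misfiring rule costs a source some bandwidth before it costs it connectivity.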

13 Data / Results

14 References
- "Design Of an Autonomous Anti DDos network" by Angel Cearns
- http://www.snort.org
- http://www.iptables.org
- http://www.chaotic.org/guardian/

15 This is the last slide
- There are no further slides after this slide.
- No, Really.
- You may now ask questions
- They will be answered with questionable sincerity
