SNORT IDS BLAST COURSE

General Description

In this course we will use the Security Onion operating system. Security Onion is based on the Ubuntu Linux distribution and contains the Snort IDS, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner and many other security tools. We will use the Snort IDS application for the majority of this blast course. The learning objective of this course is to introduce the student to the Snort IDS. We will learn how to set up IP and port variables for ease of management, then become acquainted with basic Snort rules. We will then move on to defining our own custom rules. Finally, we will advance our learning by crafting complex Snort rules that enhance our network IDS capabilities while keeping the processing load down. This course is streamlined for advanced users who wish to add to their knowledge of IDS capabilities using Snort.

Course Starting Date: November 18 2015

What will the student learn?

The student will learn different methods of dissecting IP packets with the Snort IDS. This allows the student to implement granular control over what is allowed or denied access to the internal or external network.

What skills will the student learn?

The student will learn how to implement an IDS solution effectively: one that preserves processing power, trims log output to only what is necessary, and sets up logging thresholds for IDS alerts.

What are the student requirements?

The student needs to be able to work with hexadecimal, ASCII and binary values and convert between them. The student also needs to be familiar with IP subnetting (both classful and classless).

What will the students need?

Host workstation capable of running at least two VMs simultaneously
Security Onion - https://github.com/security-onion-solutions/security-onion/wiki/installation
Wireshark - www.wireshark.org
Packet generator (to be determined)

Curriculum

Module 1: Getting acquainted with Snort IDS

In this module we will cover the basics of Snort and what it provides to network administrators. A general overview of Snort's capabilities and functions will be provided to the students. For this course, it is recommended that the student be familiar with the functions of an IDS and with IP access control lists. There will be three tasks to complete for this module.

Task 1: Set up IP variables for the internal and external networks.
Task 2: Set up port variables for the internal and external networks.
Task 3: Set up log messages to be written to a destination file for the record.

Module 2: Setting up basic Snort rules

This module covers dissecting Snort rules, which are composed of a Rule Header and a Rule Body. The Rule Header consists of an action, a source IP and port, a direction indicator, and a destination IP and port. The Rule Body holds the rule's options, including its signature identifier (sid). This module consists of the following tasks.

Task 1: Set up a Snort rule that alerts the network administrator on an incoming packet.
Task 2: Set up a Snort rule to drop an outgoing packet.
Task 3: Set up a Snort rule to alert on an outbound request to a prohibited web site.
Task 4: Set up a Snort rule to inspect the contents of a packet in both binary and ASCII format.
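The following configuration fragment is an added worked example for the tasks of Module 1 (variables and alert output), the logging-threshold skill named in the course aims, and the four tasks of Module 2; it is not part of the course materials. The network ranges, port lists, log file name, sid numbers, the prohibited host name blocked.example and the requested path are all assumptions chosen for a lab and should be replaced with your own values.

```snort
# --- Module 1, Tasks 1 and 2: IP and port variables (lab values, assumed) ---
# HOME_NET is the internal network; EXTERNAL_NET is everything that is not internal.
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
ipvar DMZ_SERVERS [192.168.1.10,192.168.1.11]
portvar HTTP_PORTS [80,8080]
portvar SSH_PORTS 22

# --- Module 1, Task 3: write one-line alerts to a file under Snort's log directory ---
output alert_fast: snort_alerts.log

# --- Module 2, Task 1: alert on an incoming packet ---
# Rule header: action  proto  src_ip        src_port  dir  dst_ip     dst_port
alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORTS ( \
    msg:"LAB Inbound SSH connection attempt"; \
    flow:to_server,established; \
    sid:1000001; rev:1; )

# Logging threshold (assumed policy): at most one alert per source per minute
# for sid 1000001, so a port scan does not flood the alert file.
event_filter gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60

# --- Module 2, Task 2: drop an outgoing packet ---
# "drop" only takes effect when Snort runs inline (IPS mode).
drop tcp $HOME_NET any -> $EXTERNAL_NET 23 ( \
    msg:"LAB Outbound telnet blocked by policy"; \
    sid:1000002; rev:1; )

# --- Module 2, Task 3: alert on an outbound request to a prohibited web site ---
# "|3A|" is the hex for ':'; nocase makes both matches case-insensitive, and
# distance:0 requires the host name to follow the "Host: " header directly.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ( \
    msg:"LAB Request to prohibited site blocked.example"; \
    flow:to_server,established; \
    content:"Host|3A| "; nocase; \
    content:"blocked.example"; nocase; distance:0; \
    sid:1000003; rev:1; )

# --- Module 2, Task 4: binary and ASCII in one content match ---
# "|47 45 54 20|" is the hex encoding of "GET "; the rest of the string is
# plain ASCII. depth:14 limits the search to the first 14 payload bytes.
alert tcp $EXTERNAL_NET any -> $DMZ_SERVERS $HTTP_PORTS ( \
    msg:"LAB GET for /setup.cgi on DMZ web server"; \
    flow:to_server,established; \
    content:"|47 45 54 20|/setup.cgi"; depth:14; \
    sid:1000004; rev:1; )
```

Validate the file with `snort -T -c <your snort.conf>` before loading it. Local rules should use sid values of 1,000,000 and above so they do not collide with the sids of the distributed rule sets.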

Module 3: Configure the Detect Offset End Pointer (DOE EP) and Byte Offset

In this module we conclude the course by setting up Snort to dissect packets using the Detect Offset End pointer and by inspecting packets using byte offsets. These two functions let the Snort IDS match known threats with precision: because each match is anchored to the position left by the previous one, the IDS can process packets much faster than with the unanchored rules of the previous module.

Task 1: Dissect an incoming packet using the DOE EP with a content match.
Task 2: Create a Snort rule using the DOE EP with the distance modifier.
Task 3: Set up a Snort rule using the DOE EP with a relative offset whose ending position follows another DOE advancement.
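The rules below are an added worked example for the three tasks of Module 3, not part of the course materials. They reuse the lab network variables assumed above and define a constructed record format on port 9999 (marker, flags, version, a big-endian length and then a data block terminated by "END") so that the DOE pointer movement can be traced byte by byte; the sid numbers are assumptions as well.

```snort
# Lab variables (assumed, same values as the Module 1 example).
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80,8080]
portvar LAB_PORT 9999

# Constructed record layout on $LAB_PORT, used by the last two rules:
#   bytes 0-1  marker   AA BB
#   bytes 2-3  flags    (not inspected)
#   bytes 4-5  version  00 01
#   bytes 6-7  length   big-endian count of the data bytes that follow
#   bytes 8..  data     (length bytes)
#   after data "END"

# Absolute anchoring, no DOE involved yet: offset says where the search starts
# and depth how many payload bytes it may cover, so "GET " must occupy
# bytes 0-3. After the match the DOE pointer rests at byte 4.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
    msg:"LAB GET at start of payload"; flow:to_server,established; \
    content:"GET "; offset:0; depth:4; \
    sid:1000011; rev:1; )

# Task 1: content match relative to the DOE. distance:0 starts the search at
# the DOE (byte 4); within:9 allows at most 9 bytes to the end of the match,
# so the 9-byte "/cgi-bin/" must follow "GET " immediately. DOE moves to 13.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
    msg:"LAB /cgi-bin/ directly after GET"; flow:to_server,established; \
    content:"GET "; depth:4; \
    content:"/cgi-bin/"; distance:0; within:9; \
    sid:1000012; rev:1; )

# Task 2: distance modifier with a gap, plus a byte test. After the marker
# the DOE is at byte 2; distance:2 skips the flags field and within:2 pins the
# version to bytes 4-5, leaving the DOE at byte 6. byte_test then reads the
# 2-byte big-endian length at the DOE and alerts when it exceeds 1024.
alert tcp $EXTERNAL_NET any -> $HOME_NET $LAB_PORT ( \
    msg:"LAB version-1 record with oversized length field"; \
    content:"|AA BB|"; depth:2; \
    content:"|00 01|"; distance:2; within:2; \
    byte_test:2,>,1024,0,relative,big; \
    sid:1000013; rev:1; )

# Task 3: ending position set by another DOE advancement. With the DOE at
# byte 6, byte_jump reads the 2-byte length and moves the DOE past the length
# field and that many data bytes; "END" must then start exactly at the new DOE
# (distance:0, within:3), whatever the data length was.
alert tcp $EXTERNAL_NET any -> $HOME_NET $LAB_PORT ( \
    msg:"LAB version-1 record terminated by END marker"; \
    content:"|AA BB|"; depth:2; \
    content:"|00 01|"; distance:2; within:2; \
    byte_jump:2,0,relative,big; \
    content:"END"; distance:0; within:3; \
    sid:1000014; rev:1; )
```

To see the pointer arithmetic in practice, build a packet for port 9999 with a short data block and one with a long data block in your packet generator; the last rule fires on both, while a rule that hard-coded the position of "END" with offset would only fire on one of them.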