lab11 - Lab 11: Intrusion Detection...

Lab 11: Intrusion Detection System (IDS)
IEG 7006 (2010)

Outline
• Host-based IDS: Tripwire, OSSEC
• Network IDS: Snort
• How to defeat an IDS

Host-based IDS: Samhain

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Host-based IDS: OSSEC (http://www.ossec.net/)

• OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.
• It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

Network IDS: Snort

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real