Chương 2.pdf



Security Onion
  • DualComm tap/SPAN (starts at $59.95!)
  • Inline using 2 NICs: Internet --> [eth0 --> IPS engine --> eth1] --> LAN
IDS Engines
  • Snort 2.9.0.3
  • Suricata 1.1beta1
IDS Rules
  • Emerging Threats ruleset included
  • Write your own rules
  • Oinkmaster and PulledPork are included for automated rules management
  • Setup script uses PulledPork to download the latest Emerging Threats ruleset and (optionally) the Snort VRT ruleset
IDS Rules Create Alerts in Sguil
IDS Alert Management using Sguil
  • Launch the Sguil client in Security Onion
IDS Alert Management using Sguil
  • Launch the Sguil client remotely and display it on your Windows box using ssh X-Forwarding
IDS Alert Management using Squert
  • Squert (web interface), now with alert visualization!
Packet Analysis/Forensics
  • Security Onion menu: argus, bro, chaosreader, ngrep, Snort, tcpdump, tcpreplay, tcpxtract, Tshark, Wireshark, vortex, Xplico
Packet Crafting
  • nmap / Zenmap
  • hping3
  • inundator
  • ostinato
  • scapy
  • metasploit / Armitage
Sguil NSM Frontend
  • Sguil (pronounced "sgweel") is an open-source tool for network security monitoring (NSM).
  • Sguil supports real-time monitoring, packet capture and packet analysis in several different modes.
  • The Sguil client is written in tcl/tk and runs on every operating system that supports tcl/tk (Linux, BSD, Solaris, Win32, MacOS).
  • Fall '19