
INTRUSION DETECTION SYSTEM

Presented by: Trn Huy Cng

Agenda:
Introduction to IDS
Configuring Snort
Snort BASE

An IDS is a device or piece of software that monitors the packets passing through a network in order to detect intrusions into the system, based on a set of predefined rules. The main tasks of an IDS are to identify the type of attack, log the course of the attack, and report it to the administrator.


INSTALLING SNORT
Install the required packages with rpm (the EPEL release package) and yum:
rpm -ivh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum -y install gcc make rpm-build autoconf automake flex libpcap-devel bison libdnet libdnet-devel mysql-devel pcre-devel php-mysql mysql-server


INSTALLING SNORT
Install DAQ (the data acquisition library Snort 2.9 depends on), building the binary RPM from the source RPM:
wget http://www.snort.org/downloads/858 -O daq-0.5-1.src.rpm
rpm -ivh daq-0.5-1.src.rpm
cd rpmbuild/SPECS
rpmbuild -bb daq.spec
rpm -ivh ../RPMS/i686/daq-0.5-1.i686.rpm


INSTALLING SNORT
Install Snort, again from the source RPM:
cd ~
wget http://www.snort.org/downloads/865 -O snort-2.9.0.5-1.src.rpm
rpm -ivh snort-2.9.0.5-1.src.rpm
cd rpmbuild/SPECS


INSTALLING SNORT
Edit snort.spec and add --enable-zlib --enable-ipv6 --enable-normalizer to the configure options (line 280), then build with MySQL support and install both packages:
vi snort.spec
rpmbuild -bb --with mysql snort.spec
rpm -ivh ../RPMS/i686/snort-2.9.0.5-1.i686.rpm
rpm -ivh ../RPMS/i686/snort-mysql-2.9.0.5-1.i686.rpm


SNORT OPERATING MODES
Sniffer mode: listens to the packets arriving on the network card and displays them on the screen.
Packet logger mode: writes the captured packets to disk.
NIDS mode: analyses the packets on the network and raises alerts.


SNORT OPERATING MODES
Sniffer mode: snort -dev
-v: display the TCP/UDP/ICMP headers
-d: display the packet payload data
-e: display the data link layer headers
Packet logger mode:
snort -dev -l </path/to/log/directory>
snort -dev -r </path/to/log/file>

CONFIGURING SNORT AS A NIDS
Prepare the MySQL database that Snort will log alerts to, and load the Snort schema into it:
service mysqld restart
mysqladmin -u root password root
mysql -p
create database snort;
grant all privileges on snort.* to snort@localhost identified by 'password';
mysql -u snort -p snort < /usr/share/snort-2.9.0.5/schemas/create_mysql


CONFIGURING SNORT AS A NIDS
Edit /etc/snort/snort.conf:
ipvar HOME_NET 10.0.0.0/24 (line 19)
dynamicdetection directory /usr/local/lib/snort_dynamicrules
output database: log, mysql, user=snort password=password dbname=snort host=localhost


CONFIGURING SNORT AS A NIDS
Edit /etc/sysconfig/snort:
ALERTMODE=fast (line 69)
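The snort.conf and /etc/sysconfig/snort edits above are normally made by hand in vi. The script below is an added example, not part of the original slides, that applies the same three directives and ALERTMODE=fast to copies of the files and verifies the result. It works on a constructed miniature snort.conf that it writes itself, so it runs without Snort installed; the paths, the 10.0.0.0/24 HOME_NET and the database credentials are the slides' own values, while set_directive, configure_nids and verify_nids_config are names chosen here.

```shell
#!/usr/bin/env bash
# Added example: apply the snort.conf and /etc/sysconfig/snort edits from the
# slides to copies of the files, idempotently, and verify them afterwards.
set -eu

# write_sample_conf <path>: constructed stand-in for /etc/snort/snort.conf that
# holds only the directives the slides touch (the real file is much longer).
write_sample_conf() {
  cat > "$1" <<'EOF'
ipvar HOME_NET any
ipvar EXTERNAL_NET any
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
# output database: log, mysql, user=snort password=changeme dbname=snort host=localhost
include $RULE_PATH/local.rules
EOF
}

# set_directive <file> <key> <line>: replace the first line starting with <key>
# (commented out or not) by <line> in place, drop any later copies of it, or
# append <line> if the key is absent. Re-running it leaves the file unchanged.
set_directive() {
  file=$1 key=$2 line=$3
  awk -v key="^#*[[:space:]]*$key" -v line="$line" '
    $0 ~ key { if (!done) { print line; done = 1 }; next }
    { print }
    END { if (!done) print line }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# configure_nids <snort.conf> <sysconfig>: the four edits shown on the slides.
configure_nids() {
  set_directive "$1" "ipvar HOME_NET" "ipvar HOME_NET 10.0.0.0/24"
  set_directive "$1" "dynamicdetection directory" \
    "dynamicdetection directory /usr/local/lib/snort_dynamicrules"
  set_directive "$1" "output database:" \
    "output database: log, mysql, user=snort password=password dbname=snort host=localhost"
  set_directive "$2" "ALERTMODE=" "ALERTMODE=fast"
}

# verify_nids_config <snort.conf> <sysconfig>: succeed only when every directive
# is present exactly once and not commented out.
verify_nids_config() {
  [ "$(grep -c '^ipvar HOME_NET 10\.0\.0\.0/24$' "$1")" -eq 1 ] &&
  [ "$(grep -c '^dynamicdetection directory /usr/local/lib/snort_dynamicrules$' "$1")" -eq 1 ] &&
  [ "$(grep -c '^output database: log, mysql, user=snort password=password dbname=snort host=localhost$' "$1")" -eq 1 ] &&
  [ "$(grep -c '^ALERTMODE=fast$' "$2")" -eq 1 ]
}

# demo: run the edits twice against constructed copies in a scratch directory
# (the second run must be a no-op), tighten the mode of the file that now holds
# the database password in clear text, and verify.
demo() {
  dir=$(mktemp -d)
  write_sample_conf "$dir/snort.conf"
  printf 'ALERTMODE=full\nLOGDIR=/var/log/snort\n' > "$dir/snort"  # constructed sysconfig
  configure_nids "$dir/snort.conf" "$dir/snort"
  configure_nids "$dir/snort.conf" "$dir/snort"
  chmod 640 "$dir/snort.conf"
  verify_nids_config "$dir/snort.conf" "$dir/snort"
}

demo && echo "snort.conf and sysconfig edits applied and verified in a scratch directory"
```

set_directive keeps ipvar HOME_NET where it already is, because Snort must see a variable before the rules that reference it, and it never duplicates the output database line on a second run. Since that line carries the MySQL password in clear text, the file should not be world-readable, which is why demo tightens its mode.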


CONFIGURING SNORT AS A NIDS
Download snortrules-snapshot-2905.tar.gz, extract it, copy the rules into place and start the daemon:
cp rules/* /etc/snort/rules/
service snortd start
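With ALERTMODE=fast, the alerts snortd writes once the rules are loaded are one-line records of the form "timestamp [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: N] {PROTO} src -> dst". The script below is an added example, not code from the slides, that parses such lines into fields and summarises which rule fired most often and which sources triggered priority-1 alerts. The four alert lines are constructed for this example, using local-rule SIDs (1000001 to 1000003) and RFC 5737 documentation addresses; parse_fast_alerts, top_sid and priority1_sources are names chosen here.

```shell
#!/usr/bin/env bash
# Added example: parse Snort "fast" alert lines into tab-separated fields and
# summarise them. The sample alerts below are constructed, not real captures.
set -eu

SAMPLE_ALERTS='01/15-10:23:45.123456  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:54321 -> 10.0.0.5:22
01/15-10:23:46.000001  [**] [1:1000002:2] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 10.0.0.5
01/15-10:23:47.500000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:54322 -> 10.0.0.5:22
01/15-10:23:48.250000  [**] [1:1000003:1] LOCAL HTTP directory traversal [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.12:40000 -> 10.0.0.5:80'

# parse_fast_alerts: stdin = fast-format alert lines, stdout = one TSV row per
# alert: timestamp, gid:sid:rev, message, priority, protocol, source, destination.
# Lines that do not have the fast layout are skipped rather than mis-parsed.
parse_fast_alerts() {
  awk '
    {
      n = split($0, p, / \[\*\*\] /)
      if (n != 3) next                                   # not a fast-format line
      ts = p[1]; sub(/ +$/, "", ts)
      if (!match(p[2], /^\[[0-9]+:[0-9]+:[0-9]+\] /)) next
      id  = substr(p[2], 2, RLENGTH - 3)                 # gid:sid:rev without brackets
      msg = substr(p[2], RLENGTH + 1)                    # rule message text
      pri = "?"
      if (match(p[3], /\[Priority: [0-9]+\]/)) pri = substr(p[3], RSTART + 11, RLENGTH - 12)
      proto = "?"
      if (match(p[3], /\{[A-Z0-9]+\}/)) proto = substr(p[3], RSTART + 1, RLENGTH - 2)
      m = split(p[3], r, " ")
      if (m < 3 || r[m-1] != "->") next                  # expect "src -> dst" at the end
      print ts "\t" id "\t" msg "\t" pri "\t" proto "\t" r[m-2] "\t" r[m]
    }'
}

# top_sid: stdin = parsed TSV, stdout = the gid:sid:rev that fired most often.
top_sid() {
  cut -f2 | sort | uniq -c | sort -rn | head -n 1 | awk '{ print $2 }'
}

# priority1_sources: stdin = parsed TSV, stdout = distinct source IPv4 addresses
# (port stripped) of priority-1 alerts, sorted. IPv6 sources would need a
# different port-stripping rule.
priority1_sources() {
  awk -F'\t' '$4 == "1" { sub(/:[0-9]+$/, "", $6); print $6 }' | sort -u
}

# Stand-alone run: show the parsed table and both summaries.
printf '%s\n' "$SAMPLE_ALERTS" | parse_fast_alerts
printf 'most frequent rule: %s\n' "$(printf '%s\n' "$SAMPLE_ALERTS" | parse_fast_alerts | top_sid)"
printf 'priority-1 sources: %s\n' "$(printf '%s\n' "$SAMPLE_ALERTS" | parse_fast_alerts | priority1_sources | tr '\n' ' ')"
```

On a real sensor the input would be /var/log/snort/alert; the parser deliberately drops any line that does not match the expected layout, so a truncated or foreign line cannot shift the fields of the rows around it.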


SNORT BASE
Install BASE (Basic Analysis and Security Engine), the web front end for the alerts stored in MySQL:
yum -y install php-adodb php-pear-Image-Graph
wget http://jaist.dl.sourceforge.net/sourceforge/secureideas/base-1.4.5.tar.gz
tar zxvf base-1.4.5.tar.gz
mv base-1.4.5 /var/www/html/base
chown -R apache. /var/www/html/base
cp /var/www/html/base/base_conf.php.dist /var/www/html/base/base_conf.php


SNORT BASE
Edit /var/www/html/base/base_conf.php:
$BASE_urlpath = '/base'; (line 50)
$DBlib_path = '/usr/share/php/adodb'; (line 80)
$alert_dbname = 'snort'; (line 102)
$alert_host = 'localhost';
$alert_port = '3306';
$alert_user = 'snort';
$alert_password = 'password';


SNORT BASE
Edit /etc/httpd/conf.d/base.conf:
Alias /base /var/www/html/base
<Directory /var/www/html/base/>
Order allow,deny
Allow from all
</Directory>
Note that "Allow from all" exposes the alert console to every client that can reach the web server; in practice restrict it to the administrators' addresses or place it behind authentication.


QUESTIONS? THANK YOU FOR YOUR ATTENTION
