
Reg No:

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


SUBJECT CODE: 18CS3279
NETWORK SECURITY

Lab 8 :: Introduction to Intrusion Detection System

M SHRAVANI
180031213
Learning outcome:
- Understanding the importance of IDS.
- Learning how to implement an IDS/IPS using Snort.

Pre Lab :
1. Explain what is IDS and its uses.
SOL.)
An intrusion detection system (IDS) is a software application or hardware appliance that monitors traffic
moving on networks and through systems to search for suspicious activity and known threats, sending up
alerts when it finds such items.

An IDS can be used to help analyze the quantity and types of attacks; organizations can use this information
to change their security systems or implement more effective controls.

2. Explain what is IPS and its uses.


SOL.)
IPS technologies can detect or prevent network security attacks such as brute force attacks, Denial of Service
(DoS) attacks and vulnerability exploits. A vulnerability is a weakness in a software system and an exploit is
an attack that leverages that vulnerability to gain control of a system.

An IPS is used to identify malicious activity, record detected threats, report detected threats and take
preventative action to stop a threat from doing damage.

3. Explain difference between IDS and IPS.


SOL.)
IDS and IPS systems are two parts of network infrastructure that detect and prevent intrusions by
hackers. Both systems compare network traffic and packets against a database of cyber threats. The
systems then flag offending packets.

The primary difference between the two is that one monitors while the other controls. IDS systems
don't actually change the packets. They just scan the packets and check them against a database of
known threats. IPS systems, however, prevent the delivery of the packet into the network.

In Lab:

Dinesh, after implementing a firewall on both Windows and Linux, is now interested in
learning new techniques that can alert him when malicious activity is being attempted and,
if possible, prevent those malicious attempts.

Task -1 : Help Dinesh to set up an IDS on a Linux machine to detect a malicious event, i.e.
an intrusion

sudo nano /etc/apt/sources.list

The above command opens the APT sources list for editing, so that the repository providing Snort can be added.

sudo apt-get update



Import the public key which is missing:


sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32

sudo apt-get update



sudo apt-get install snort



sudo snort -V

Steps to open the file snort.conf:

1. Change the present working directory to /etc/snort.
2. List the files or folders in the directory.
3. The configuration file snort.conf will be available in the directory.
cd /etc/snort
ls

Testing the configuration file:

sudo nano snort.conf

Task -2 : Help Dinesh to write some rules in that IDS and display a warning message
when an intrusion occurs as per the rule written

cd rules
ls

Return to the terminal and change the present working directory to /etc/snort (from the rules directory, cd .. reaches it):
cd ..
(or: cd /etc/snort)

Open the configuration file snort.conf:
sudo nano snort.conf

Include the new rules in the configuration file under "customize your rule set".

Run Snort in IDS mode with alerts displayed on the console (Snort takes the interface with lowercase -i):
sudo snort -A console -i eth0 -c /etc/snort/snort.conf
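As an added worked example for Task 2 (not part of the lab sheet and not code from the Snort project), the following Python script checks the structure of a local rule file before Snort loads it. It assumes the standard Snort rule layout (a header of action, protocol, source, port, direction, destination, port, followed by options in parentheses), that the custom rules live in a file such as /etc/snort/rules/local.rules referenced from snort.conf by an "include $RULE_PATH/local.rules" line under "Customize your rule set", and that the authoritative check is still "sudo snort -T -c /etc/snort/snort.conf". The sample rules inside the script are constructed for this example; the mistakes they contain (a duplicate sid, a missing sid, a missing msg, a sid in the range reserved for official rule sets) are the ones that most often leave a student with an empty console or a config that fails to load.

```python
"""Structural pre-check for Snort rules (added example, not from the lab sheet or Snort).

Parses the classic Snort rule layout:

    action proto src_ip src_port direction dst_ip dst_port (option; option; ...)

and reports problems that make `snort -T` fail or make a rule silently never
alert: missing msg or sid, duplicate sids, and sids below 1000000 (the range
reserved for official rule sets; local rules should use 1000000 and above).
"""
import re

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
LOCAL_SID_START = 1000000

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# One option token: runs of non-';' characters, where ';' inside a quoted value
# (msg:"a; b") does not split the token.
OPTION_TOKEN_RE = re.compile(r'(?:[^;"]|"(?:[^"\\]|\\.)*")+')

# Constructed sample local.rules (line numbers count from 1, including the comment).
SAMPLE_RULES = """# constructed sample local.rules for this example
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request to home net"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"SSH connection attempt"; flags:S; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"duplicate sid"; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"missing sid";)
alert tcp any any -> $HOME_NET 23 (sid:999; rev:1;)
"""


def parse_rule(line):
    """Return a dict of header fields plus an ordered list of (key, value) options."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("rule does not match 'header (options)' layout: %r" % line)
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    options = []
    for raw in OPTION_TOKEN_RE.findall(m.group("opts")):
        raw = raw.strip()
        if not raw:
            continue
        key, _, value = raw.partition(":")          # flag options (nocase) have no value
        options.append((key.strip(), value.strip().strip('"')))
    rule["options"] = options
    return rule


def check_rules(text):
    """Check every non-comment line of a rule file; return (parsed_rules, problems)."""
    rules, problems, seen_sids = [], [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            problems.append("line %d: %s" % (lineno, exc))
            continue
        opts = dict(rule["options"])
        if rule["action"] not in ACTIONS:
            problems.append("line %d: unknown action %r" % (lineno, rule["action"]))
        if rule["proto"] not in PROTOCOLS:
            problems.append("line %d: unknown protocol %r" % (lineno, rule["proto"]))
        if "msg" not in opts:
            problems.append("line %d: no msg, the console alert would carry no text" % lineno)
        sid = opts.get("sid")
        if sid is None or not sid.isdigit():
            problems.append("line %d: missing or non-numeric sid" % lineno)
        else:
            if int(sid) < LOCAL_SID_START:
                problems.append("line %d: sid %s is in the range reserved for official rules" % (lineno, sid))
            if sid in seen_sids:
                problems.append("line %d: sid %s already used on line %d" % (lineno, sid, seen_sids[sid]))
            seen_sids.setdefault(sid, lineno)
        rules.append(rule)
    return rules, problems


if __name__ == "__main__":
    parsed, found = check_rules(SAMPLE_RULES)
    print("%d rules parsed, %d problems" % (len(parsed), len(found)))
    for p in found:
        print(" -", p)
```

Run it against a real file with "check_rules(open('/etc/snort/rules/local.rules').read())" before "sudo snort -T -c /etc/snort/snort.conf"; the script only checks structure and sid hygiene, while "snort -T" is what actually validates option keywords and variables such as $HOME_NET.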

Post Lab:
1. What are false positives when analyzing the results?

SOL.)
A false positive is like a false alarm: your house alarm is triggered but there is no burglar. In
web application security, a false positive is when a web application security scanner indicates
that there is a vulnerability on your website, such as SQL Injection, but in reality there is not.

2. What are the different types of IDS available?


SOL.)
There are four main types of IDS:
- Network intrusion detection system (NIDS)
- Host-based intrusion detection system (HIDS)
- Perimeter intrusion detection system (PIDS)
- VM-based intrusion detection system (VMIDS)

3. What are honeypots and how are they related to IDS?


SOL.)
Production honeypots serve as decoy systems inside fully operating networks and servers,
often as part of an intrusion detection system (IDS). They deflect criminal attention
from the real system while analyzing malicious activity to help mitigate vulnerabilities.

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation
Marks Secured: _______ out of ________

Full Name of the Evaluator:

Signature of the Evaluator:

Date of Evaluation:

