Lab12
M SHRAVANI
180031213
Learning outcome:
Understanding the importance of an IDS.
Learning how to implement an IDS/IPS using Snort.
Pre Lab:
1. Explain what an IDS is and its uses.
SOL.)
An intrusion detection system (IDS) is a software application or hardware appliance that monitors traffic
moving across networks and through systems, looking for suspicious activity and known threats, and raises
alerts when it finds them.
An IDS can be used to analyse the volume and types of attacks; organizations use this information to
tune their security systems or to implement more effective controls.
An IPS is used to identify malicious activity, record and report detected threats, and take preventive
action to stop a threat from doing damage.
The primary difference between the two is that one monitors while the other controls. An IDS does not
change or block packets: it inspects them and checks them against a database of known threat signatures,
then reports what it finds. An IPS sits inline in the traffic path and can drop a matching packet before it
is delivered into the network.
In Lab:
Reg No:
Dinesh, after implementing a firewall on both Windows and Linux, is now interested in learning
about techniques that can alert him when malicious activity is being attempted and, if possible,
prevent those attempts.
Task 1: Help Dinesh set up an IDS on a Linux machine to detect a malicious event, i.e. an
intrusion.
Verify that Snort is installed by printing its version:
sudo snort -V
Task 2: Help Dinesh write some rules in that IDS and display a warning message when an
intrusion matching the written rules occurs.
Change to the Snort rules directory and list the rule files that ship with it:
cd /etc/snort/rules
ls
Write the custom rules into a rules file in this directory, then return to /etc/snort:
cd /etc/snort
Open the configuration file snort.conf:
sudo nano snort.conf
Include the new rules file in the configuration file under "Step #7: Customize your rule set"
(an include line of the form include $RULE_PATH/<your file>.rules).
Start Snort in IDS mode and print alerts to the console. Note that the interface flag is
lowercase -i; -I only adds the interface name to the alert output:
sudo snort -A console -i eth0 -c /etc/snort/snort.conf
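The whole Task 2 procedure (write rules, include them in snort.conf, check them, run Snort in console mode) as one script. This is an added example and is not part of the original lab report or of the Snort project; the file name local.rules, the two rules, their SIDs, and the SNORT_DIR / SNORT_LAB_RUN variables are assumptions made for this example. Setting SNORT_DIR to a scratch directory lets the file-handling steps run without root and without Snort installed.

```shell
#!/bin/sh
# Added example for this lab; not from the original report or the Snort project.
# Assumptions: Snort 2.x layout (SNORT_DIR/snort.conf, SNORT_DIR/rules/); the
# file name local.rules, the rule text and the SIDs are choices made here.
# SNORT_DIR may be pointed at a scratch directory to exercise the file handling
# without root and without Snort installed.
SNORT_DIR="${SNORT_DIR:-/etc/snort}"

# Step 1: write two custom rules. Local rules use SIDs >= 1000000 so they never
# collide with the community or registered rule sets.
write_local_rules() {
    mkdir -p "$SNORT_DIR/rules"
    cat > "$SNORT_DIR/rules/local.rules" <<'EOF'
# ICMP echo request (itype 8) to a host in HOME_NET: a ping sweep is the usual first probe.
alert icmp any any -> $HOME_NET any (msg:"LAB ICMP ping detected"; itype:8; sid:1000001; rev:1;)
# New TCP connection (SYN only) to port 22: scanning or SSH brute-force precursor.
alert tcp any any -> $HOME_NET 22 (msg:"LAB SSH connection attempt"; flags:S; sid:1000002; rev:1;)
EOF
}

# Step 2: include the file from snort.conf ("Step #7: Customize your rule set").
# Appending works because RULE_PATH is defined near the top of snort.conf; the
# grep guard keeps a re-run of the lab from adding a duplicate include line.
include_local_rules() {
    touch "$SNORT_DIR/snort.conf"
    if ! grep -q '^include \$RULE_PATH/local.rules' "$SNORT_DIR/snort.conf"; then
        printf '\n# Lab rules\ninclude $RULE_PATH/local.rules\n' >> "$SNORT_DIR/snort.conf"
    fi
}

# Syntax sanity check that needs no Snort binary: every non-comment line must
# have an action, a protocol, source -> destination, and msg and sid options.
# Returns 0 when every rule passes, 1 otherwise (offending lines go to stderr).
check_rule_syntax() {
    status=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        if ! printf '%s\n' "$line" | grep -Eq \
            '^(alert|log|pass|drop|reject|sdrop) +(tcp|udp|icmp|ip) +[^ ]+ +[^ ]+ +(->|<>) +[^ ]+ +[^ ]+ +\(.*msg:"[^"]+";.*sid:[0-9]+;.*\)$'; then
            echo "bad rule: $line" >&2
            status=1
        fi
    done < "$SNORT_DIR/rules/local.rules"
    return "$status"
}

# Number of active (non-comment, non-blank) rules in local.rules.
count_local_rules() {
    grep -cEv '^[[:space:]]*(#|$)' "$SNORT_DIR/rules/local.rules"
}

# Step 3: let Snort validate the whole configuration (-T = test and exit), then
# run in IDS mode with alerts on the console. The interface flag is lowercase
# -i; -I only prefixes each alert with the interface name. Returns 2 if Snort
# is not installed so the earlier file steps can still be exercised.
run_snort_console() {
    iface="${1:-eth0}"
    if ! command -v snort >/dev/null 2>&1; then
        echo "snort not installed; skipping live run" >&2
        return 2
    fi
    sudo snort -T -c "$SNORT_DIR/snort.conf" -i "$iface" || return 1
    sudo snort -A console -q -c "$SNORT_DIR/snort.conf" -i "$iface"
}

# Usage on the lab machine: sudo SNORT_LAB_RUN=1 sh snort_lab.sh eth0
if [ "${SNORT_LAB_RUN:-0}" = "1" ]; then
    write_local_rules && include_local_rules && check_rule_syntax && run_snort_console "${1:-eth0}"
fi
```

Once Snort is running, a ping or an ssh connection attempt from another host on the network produces the two "LAB ..." messages on the console. The check_rule_syntax function only catches gross mistakes (a missing sid or msg option, a malformed header); snort -T is the authoritative check, since it parses every option keyword and will refuse to start on an unknown one.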
Post Lab:
1. What are false positives when analysing the results?
SOL.)
A false positive is like a false alarm: the house alarm goes off but there is no burglar. When
analysing IDS results, a false positive is an alert raised for traffic that is actually benign,
so the rule that produced it needs to be tightened or tuned. In web application security, a
false positive is when a web application security scanner reports a vulnerability on your
website, such as SQL injection, that in reality does not exist.
Evaluator’s Observation
Marks Secured: _______ out of ________