Scribd Logo
Upload

Welcome to Scribd!

  • SL Exp 9 Teita 40

    Uploaded by

    AYUSH NALAWADE
    16 views5 pages

    Original Title

    SL_EXP_9_TEITA_40

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    16 views5 pages

    SL Exp 9 Teita 40

    Uploaded by

    AYUSH NALAWADE

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    ANUJA SHIRODE

    TEITA_40

    ST. FRANCIS INSTITUTE OF TECHNOLOGY


    DEPARTMENT OF INFORMATION TECHNOLOGY
    SECURITY LAB

    Experiment – 9: Intrusion detection system using SNORT

    Aim: To setup Intrusion detection system using SNORT.

    Objective: After performing the experiment, the students will be able to –


    ▪ Explore Snort-IDS tool

    Lab objective mapped: L502.6: Students should be able to Apply network security basics,
    analyze different attacks on networks and evaluate the performance of firewalls and security
    protocols, such as SSL, IPSEC, and PGP, and authentication mechanisms to design secure
    applications.

    Prerequisite: Basic knowledge of network security.

    Requirements: Windows OS/Unix/Linux, SNORT

    Pre-Experiment Theory:

    Snort is an open source network intrusion prevention and detection system (IDS/IPS)
    developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based
    inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions
    of downloads and nearly 400,000 registered users, Snort has become the de facto standard for
    IPS.
    Snort can be configured to run in three modes:
    1. Sniffer mode: It simply reads the packets off of the network and displays them for you in
    a continuous stream on the console (screen)
    2. Packet Logger mode: logs the packets to disk
    3. Network Intrusion Detection System (NIDS) mode: it performs detection and analysis
    on network traffic. This is the most complex and configurable mode.

    Implementation:
    1. Install snort on your system.
    2. Run command to use snort as sniffer mode.
    Snort -v
    Snort -vd
    3. Run command to use snort as Packet logger mode.
    Snort -dev -1 C:\Snort\log
    View the log file created
    4. Learn commands to use snort as IDS. Observe the snort rule file (i.e., snort.conf file).
    Analyze the rule file to configure it for your network environment.

    Snippets:

    Packet sniffer mode:


    snort -V
    snort -W

    snort -v
    snort -vd

    Packet logging mode:


    snort -dev -l c:\snort\log
    log file is created

    Post Experimental Exercise-


    Questions:
    1. What is IDS?
    2. What is the aim of IDS?
    3. Explain host-based and network-based IDS. [Refer to the following link to write
    your answer: https://securitywing.com/host-based-ids-vs-network-based-ids/]
    4. Explain in detail each mode of snort with possible commands.

    Conclusion:
    Packet sniffing, logging and intrusion detection is studied using Snort.
    References:
    Mention your references here.
    https://securitywing.com/host-based-ids-vs-network-based-ids/
    https://www.techrepublic.com/article/using-snort-for-intrusion-detection/
    http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html

    You might also like