Greg Steen
What is Snort? Snort purposes. Where can it be used?
IDS/IPS: sniffs and logs packets based on a rule set; when deployed inline it can drop packets, which makes it an IPS.
Sniffer: command-line packet sniffer.
Packet Logger: logs packets without a rule base.
Architecture: Where will Snort reside on a network?
Installation components:
Snort: the IDS/IPS engine
Barnyard: processes the output of Snort
BASE: GUI to view the captured packets
MySQL: stores packet information and runs DML functions
Configuration files: Rules.conf, Snort.conf, Barnyard2.conf
Permission settings: database, GUI
Rule writing: sample rules (a line beginning with # is a comment, so that rule is not loaded)
#pass tcp 192.168.1.106 any <> 91.189.88.40 any (msg:"allowed traffic for ubuntu updates";sid:1000011;)
alert icmp !10.1.0.0/16 any -> 10.1.1.0/16 any (msg: "Intrusion traffic";sid: 1000008;)
#drop tcp any 80 <> any 80 (msg:"Drop tcp all port 80";sid:1000014;)
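As an added example (not part of the slides), here is a small Python model of how Snort reads those three rule headers: which lines are live, how the "!" negation and the "<>" bidirectional operator behave, and why the commented pass and drop rules never fire. The matcher is my own simplification (header fields only, no payload options, no rule ordering) and the packets fed to it are constructed; the slide's rules are copied verbatim into SAMPLE_RULES.

```python
import ipaddress
import re
# Constructed sample: the three rules from the slide, verbatim. Snort treats a
# line beginning with '#' as a comment, so only the alert rule is live.
SAMPLE_RULES = """
#pass tcp 192.168.1.106 any <> 91.189.88.40 any (msg:"allowed traffic for ubuntu updates";sid:1000011;)
alert icmp !10.1.0.0/16 any -> 10.1.1.0/16 any (msg: "Intrusion traffic";sid: 1000008;)
#drop tcp any 80 <> any 80 (msg:"Drop tcp all port 80";sid:1000014;)
"""
# Rule header layout: [#]action proto src sport direction dst dport (options)
HEADER = re.compile(
    r'^(?P<comment>#?)\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')
def parse_rule(line):
    """Parse one rule line into a dict; None for blank or unparseable lines."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    opts = {}
    for item in m.group('opts').split(';'):  # options are 'key:value;' pairs
        if ':' in item:
            key, value = item.split(':', 1)
            opts[key.strip()] = value.strip().strip('"')
    rule = m.groupdict()
    rule['enabled'] = rule.pop('comment') == ''
    rule['msg'], rule['sid'] = opts.get('msg'), int(opts['sid'])
    return rule

def addr_matches(spec, ip):
    # 'any', a host/CIDR, or a '!'-negated one; strict=False masks host bits (10.1.1.0/16)
    if spec == 'any':
        return True
    net = ipaddress.ip_network(spec.lstrip('!'), strict=False)
    return (ipaddress.ip_address(ip) in net) != spec.startswith('!')

def port_matches(spec, port):
    return spec == 'any' or int(spec) == port

def rule_matches(rule, proto, src, sport, dst, dport):
    """Simplified header match: '->' is one-way, '<>' matches in either direction."""
    if not rule['enabled'] or rule['proto'] != proto:
        return False
    def one_way(s, sp, d, dp):
        return (addr_matches(rule['src'], s) and port_matches(rule['sport'], sp)
                and addr_matches(rule['dst'], d) and port_matches(rule['dport'], dp))
    return one_way(src, sport, dst, dport) or (rule['dir'] == '<>' and one_way(dst, dport, src, sport))

def matching_sids(rules_text, proto, src, sport, dst, dport):
    rules = filter(None, map(parse_rule, rules_text.splitlines()))
    return [r['sid'] for r in rules if rule_matches(r, proto, src, sport, dst, dport)]
```

matching_sids returns the SIDs of the enabled rules whose header matches a packet 5-tuple; an ICMP echo from outside 10.1.0.0/16 to a 10.1.x.x host hits sid 1000008, while one from inside that range is excluded by the negation.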
Baselining the network: it is important to monitor the network and establish what acceptable traffic looks like before tuning rules.
Data: what is collected, and how it is interpreted.
Analysis: uses for the data.
Summary: Snort is an open-source IDS/IPS, designed to be available at no cost to those who want it. Businesses of any size, small to large, can use Snort; the deciding factor is how much maintenance they are willing to take on.