IDS/IPS
Intrusion Detection System
- Alert
- Log
Intrusion Prevention System
- IDS - it has all functions of the IDS
- AXN - it can take actions depending on packets
- Drop
[Diagram, layout lost in extraction. Labelled components: ISP; firewall (public side) with SPAN port; NIDS (network-based IDS); server on vlan1 with a HIDS (host-based IDS) on the host machine; honeypot on vlan2.]

Normally we only use a NIDS, which sits next to the firewall, which is running in SPAN port mode. In the IDS software we create rules (signatures); if traffic matches a rule or the IDS finds an anomaly, it raises a log entry.
Tools
Snort
- Start snort service
- configure rules
- restart snort
- start snort console
- attack and detect
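    # configure rules
    sudo vi /etc/snort/snort.conf
    # restart snort
    /etc/init.d/snort restart
    # start snort console (quiet mode, alerts printed to the terminal)
    snort -q -A console -i wlan0 -c /etc/snort/snort.conf
    # attack and detect: UDP scan of the monitored host
    nmap -sU 192.168.100.82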
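The "configure rules" step does not show a rule, so here is an added example (not from the original notes) of Snort 2.x local rules that would raise alerts for the UDP scan in the last step. The HOME_NET subnet, thresholds, messages and sid values are assumptions chosen for this lab; the subnet is inferred from the scanned address 192.168.100.82.

```snort
# --- /etc/snort/snort.conf (excerpt) ---
# Assumed lab subnet containing the monitored host; adjust to your network.
ipvar HOME_NET 192.168.100.0/24
# Load site-specific rules from the rule directory.
include $RULE_PATH/local.rules

# --- $RULE_PATH/local.rules ---
# Local rules use sid values of 1000000 and above so they never collide
# with distributed rule sets.

# Rate-based signature: alert once a single source has sent more than
# 30 UDP datagrams into HOME_NET within 10 seconds. detection_filter
# counts matching packets per source, not distinct ports, so a busy
# legitimate UDP client can also trip it; tune count/seconds per network.
alert udp any any -> $HOME_NET any (msg:"LAB UDP sweep from single source"; detection_filter:track by_src, count 30, seconds 10; classtype:attempted-recon; sid:1000001; rev:1;)

# Tighter variant: only count UDP datagrams with an empty payload, which
# is what a UDP port scanner sends to ports it has no protocol probe for.
# Normal application traffic rarely carries zero-length UDP payloads, so
# a lower threshold is tolerable here.
alert udp any any -> $HOME_NET any (msg:"LAB empty-payload UDP probes"; dsize:0; detection_filter:track by_src, count 10, seconds 10; classtype:attempted-recon; sid:1000002; rev:1;)
```

After saving the rules, `snort -T -c /etc/snort/snort.conf` checks that the configuration and rules parse before the service is restarted.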
29nov16 | admin |