Task 2: Snort IDS Lab - Use a Network Intrusion Detection System (NIDS) to Detect Attacks on the Network (Q37251658)
Hi, can someone help me with this?
Task 2: Snort IDS

In this lab, you will use a Network Intrusion Detection System (NIDS) to detect attacks through the network. Our tool of choice is Snort, an open source signature-based NIDS (remind yourself about the differences between anomaly-based and signature-based intrusion detection systems).

Step 1: Install and configure Snort

$ sudo apt-get install snort

Read the comments in /etc/snort/snort.conf carefully and pay attention to the definition of the variables HOME_NET and EXTERNAL_NET. Then try running Snort as root:

$ sudo snort -c /etc/snort/snort.conf

Watch the output carefully, and address any errors in your config file. (Hint: some default rules files contain deprecated format; try to comment those files out in the config file.) Continue re-running Snort until you get it working correctly.

Step 2: Read about Snort's signature syntax in the Snort User's Manual. In particular, be sure to review the meta-data options reference and sid. Once you are somewhat familiar with the rule language, read through some of the web attack rules files. These are files named in the form web-*.rules under /etc/snort/rules/. Follow the references listed in a few of the rules and read about the type of attack the specific signatures are designed to detect.

Now, select two web attack signatures that seem straightforward to understand. It would be simpler if you select a signature that looks for "evil" data in an HTTP URL string. Log into your Windows server and open a browser. Based on the documentation provided with the signature you have selected, attempt to trigger the Snort signature by making an HTTP request which contains an attack string that should be detected. Next, verify in your Snort logs that your attack triggered an alert based on that. (Hint: /var/log/snort/)

Step 3: Snort also allows us to write custom rules. Open the file /etc/snort/rules/local.rules and add one rule that detects each visit to www.google.com that is made by the virtual machine. The rule should look for any outbound TCP traffic that is going to port 80 and contains the pattern "www.google.com" in the URL, and trigger an alert when it gets a match. Give the rule an SID of 1000000 or higher. Then visit Google with a web browser and check if your rule triggered an alert.

Questions

1. In step 1, how did you modify the config file to make it work?
2. In step 2, describe the two attack signatures you chose and explain the corresponding rules against them. How did you attempt to trigger the alert? How did Snort process your requests?
3. In step 3, copy/paste your new rule here. How did you confirm that your rule was enforced by Snort?
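The Step 3 rule and the way Snort's `content` option interacts with the port constraint and the `http_uri` modifier are worth seeing on concrete traffic. The block below is an added example, not part of the original question or of any answer to it: it holds an illustrative Snort 2.x rule for Step 3 (sid 1000001, in the local range the lab asks for), a second variant that only inspects the URI buffer, a minimal parser for the few rule fields the example needs, and constructed HTTP request samples (not captured from the lab). The rule text, the sample flows and the helper names are all assumptions of this example. Snort itself does the matching far more precisely (stream reassembly, HTTP normalisation, `flow` tracking); the point here is which of the samples each rule would and would not flag.

```python
import re

# Illustrative Step 3 rule in Snort 2.x syntax (an assumption of this example,
# not the lab's answer). Alerts on outbound TCP to port 80 whose payload
# contains "www.google.com" case-insensitively; flow:to_server,established
# limits it to client->server traffic on an established connection.
STEP3_RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 80 '
    '(msg:"LOCAL visit to www.google.com"; flow:to_server,established; '
    'content:"www.google.com"; nocase; classtype:policy-violation; '
    'sid:1000001; rev:1;)'
)

# Same idea restricted to the normalised URI buffer. For a browser talking
# directly to the server the request line is "GET / HTTP/1.1" and the host
# name only appears in the Host header, so this variant does NOT fire there.
STEP3_RULE_URI_ONLY = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 80 '
    '(msg:"LOCAL www.google.com in URI"; flow:to_server,established; '
    'content:"www.google.com"; nocase; http_uri; sid:1000002; rev:1;)'
)

_HEADER = re.compile(
    r'^(?P<action>alert|log|pass|drop)\s+(?P<proto>\w+)\s+\S+\s+\S+\s+->\s+'
    r'\S+\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$'
)


def parse_rule(rule):
    """Parse only the rule fields this example evaluates (toy parser)."""
    m = _HEADER.match(rule)
    if not m:
        raise ValueError("unrecognised rule header")
    opts = {}
    # Options are "key:value;" pairs or bare flags such as "nocase;".
    for raw in m.group('opts').split(';'):
        raw = raw.strip()
        if not raw:
            continue
        key, _, val = raw.partition(':')
        opts[key.strip()] = val.strip().strip('"')
    return {
        'proto': m.group('proto').lower(),
        'dport': m.group('dport'),
        'content': opts['content'],
        'nocase': 'nocase' in opts,
        'http_uri': 'http_uri' in opts,
        'sid': int(opts['sid']),
    }


def request_uri(payload):
    """Request-target from the HTTP request line (what http_uri inspects)."""
    request_line = payload.split(b'\r\n', 1)[0]
    parts = request_line.split(b' ')
    return parts[1] if len(parts) >= 2 else b''


def rule_matches(rule, flow):
    """Apply a parsed rule to one client->server segment (proto, dport, payload)."""
    if flow['proto'] != rule['proto']:
        return False
    if rule['dport'] != 'any' and int(rule['dport']) != flow['dport']:
        return False
    buf = request_uri(flow['payload']) if rule['http_uri'] else flow['payload']
    needle = rule['content'].encode()
    if rule['nocase']:
        buf, needle = buf.lower(), needle.lower()
    return needle in buf


# Constructed sample traffic for the example (not captured from the lab).
SAMPLE_FLOWS = {
    # Browser visiting http://www.google.com/ directly: host name in Host header only.
    'direct_http': {'proto': 'tcp', 'dport': 80,
                    'payload': b'GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n'},
    # Same visit through an explicit HTTP proxy: absolute URI in the request line.
    'via_proxy': {'proto': 'tcp', 'dport': 80,
                  'payload': b'GET http://www.google.com/ HTTP/1.1\r\nHost: www.google.com\r\n\r\n'},
    # Browsers normally reach https://www.google.com on 443 over TLS; the port
    # constraint stops the rule, and the payload is ciphertext in any case.
    'https': {'proto': 'tcp', 'dport': 443,
              'payload': b'\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03'},
    # Unrelated site whose query string mentions the name: both rules fire,
    # because content matching is a substring search, not a host check.
    'other_site': {'proto': 'tcp', 'dport': 80,
                   'payload': b'GET /search?q=WWW.GOOGLE.COM HTTP/1.1\r\nHost: example.org\r\n\r\n'},
}


def evaluate(rule_text, flows=SAMPLE_FLOWS):
    """Names of the sample flows that trigger the given rule, sorted."""
    rule = parse_rule(rule_text)
    return sorted(name for name, flow in flows.items() if rule_matches(rule, flow))


if __name__ == '__main__':
    for text in (STEP3_RULE, STEP3_RULE_URI_ONLY):
        print(f"sid {parse_rule(text)['sid']} fires on: {evaluate(text)}")
```

Two practical consequences for the lab follow from the samples: a plain browser visit to http://www.google.com/ puts the host name in the Host header, not in the request-target, so a rule that adds `http_uri` will stay silent while the payload-wide rule fires; and a visit that the browser upgrades to HTTPS on port 443 triggers neither, so the test visit has to be a plain-HTTP request to port 80 for the rule as specified. To check that Snort accepted the rule, run `sudo snort -T -c /etc/snort/snort.conf` (configuration self-test, which also reports the rule count), then run it on the interface with `-A console` to see alerts on the terminal, and look in /var/log/snort/ as the lab's hint suggests.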