An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.
The objective of this lab is to help students learn how to detect intrusions in a network and how to log and view all of the resulting log files. In this lab, you will learn how to:
Install and configure Snort IDS
Run Snort as a service
Send Snort log files to a Kiwi Syslog server
Store Snort log files in two output sources simultaneously
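The last two objectives come down to Snort's output plugins, which can be stacked so one alert is written to several sinks at once. The fragment below is an added example, not configuration from the lab manual: it assumes a Windows Snort install under C:\Snort and a Kiwi Syslog Server listening on UDP/514 at 10.0.0.5 (both assumptions), and ends with a site-local rule that shows the rule action, protocol, direction operator and port fields in one line.

```conf
# --- snort.conf (fragment): two output plugins active at once ---
# Added example, not from the lab manual. The Kiwi Syslog Server
# address 10.0.0.5 and the C:\Snort paths are assumptions.

# 1) Forward every alert to the Kiwi Syslog Server over UDP/514,
#    tagged with syslog facility LOG_AUTH and priority LOG_ALERT.
output alert_syslog: host=10.0.0.5:514, LOG_AUTH LOG_ALERT

# 2) At the same time keep a one-line-per-alert local file; it is
#    created in the log directory passed with -l (C:\Snort\log here).
output alert_fast: alert.ids

# 3) Optional third sink: the full packets of logged traffic in pcap
#    form, which is what an analyst needs after a syslog alert fires.
output log_tcpdump: snort.log.pcap

# Load the site-local rules file that holds the rule below.
include $RULE_PATH/local.rules

# --- rules/local.rules ---
# action proto  src      -> dst       port  (options)
# "->" is the direction operator; "any" matches every address or port.
# sid values from 1000000 upward are reserved for local rules.
alert tcp any any -> $HOME_NET 23 (msg:"LOCAL Telnet connection attempt to internal host"; flow:to_server,established; classtype:attempted-recon; sid:1000001; rev:1;)
```

Validate the file before touching the service with snort -c C:\Snort\etc\snort.conf -l C:\Snort\log -i 1 -T (test mode parses the configuration and rules and then exits). Once it passes, register Snort as a Windows service with the same options, e.g. snort /SERVICE /INSTALL -c C:\Snort\etc\snort.conf -l C:\Snort\log -i 1, then start it from the Services console; the interface index for -i comes from snort -W. Note that alert_syslog carries only the alert text, so when the syslog line is all you keep you lose the packet evidence; the alert_fast and log_tcpdump sinks are what make the two-output objective worthwhile.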
Due to a growing number of intrusions, and because the Internet and local networks have become so ubiquitous, organizations are increasingly implementing systems that monitor for IT security breaches. Intrusion detection systems (IDSes) are among those that have recently gained considerable interest. An IDS is a defence system that detects hostile activities in a network. The key is to detect, and possibly prevent, activities that may compromise system security, or a hacking attempt in progress, including the reconnaissance/data collection phases that involve, for example, port scans. One key feature of intrusion detection systems is their ability to provide a view of unusual activity, issue alerts notifying administrators, and/or block a suspected connection. According to Amoroso, intrusion detection is a “process of identifying and responding to malicious activity targeted at computing and networking resources.” In addition, IDS tools are capable of distinguishing between insider attacks originating from inside the organization (coming from its own employees or customers) and external ones (attacks and the threat posed by hackers). (Source: http://www.windowsecurity.com)
In order to become an expert penetration tester and security administrator, you must possess sound knowledge of network intrusion prevention systems (IPSes), IDSes, malicious network activity, and log information.
Intrusion Detection Systems (IDS) and Their Placement
How an IDS Works
Ways to Detect an Intrusion
Types of Intrusion Detection Systems
System Integrity Verifiers (SIV)
General Indications of Intrusions
General Indications of System Intrusions
Firewall
Firewall Architecture
DeMilitarized Zone (DMZ)
Types of Firewall
Packet Filtering Firewall
Circuit-Level Gateway Firewall
Application-Level Firewall
Stateful Multilayer Inspection Firewall
Firewall Identification
Port Scanning
Firewalking
Banner Grabbing
Honeypot
Types of Honeypots
How to Set Up a Honeypot
Intrusion Detection Tool
Snort
Snort Rules
Rule Actions and IP Protocols
The Direction Operator and IP Addresses
Port Numbers
Intrusion Detection Systems: Tipping Point
Intrusion Detection Tools
Firewall: Sunbelt Personal Firewall
Firewalls
Honeypot Tools
KFSensor
SPECTER
Insertion Attack
Evasion
Denial-of-Service Attack (DoS)
Obfuscating
False Positive Generation
Session Splicing
Unicode Evasion Technique
Fragmentation Attack
Overlapping Fragments
Time-To-Live Attacks
Invalid RST Packets
Urgency Flag
Polymorphic Shellcode
ASCII Shellcode
Application-Layer Attacks
Desynchronization
Pre-Connection SYN
Post-Connection SYN
Other Types of Evasion
IP Address Spoofing
Attacking Session Token Generation Mechanism
Tiny Fragments
Bypass Blocked Sites Using IP Address in Place of URL
Bypass Blocked Sites Using Anonymous Website Surfing Sites
Bypassing a Firewall Using a Proxy Server
Bypassing Firewall through ICMP Tunneling Method
Bypassing Firewall through ACK Tunneling Method
Bypassing Firewall through HTTP Tunneling Method
Bypassing Firewall through External Systems
Bypassing Firewall through MITM Attack
Detecting Honeypots
Honeypot Detecting Tool: Send-Safe Honeypot Hunter
Firewall Evasion Tools
Traffic IQ Professional
TCP-over-DNS
Firewall Evasion Tools
Packet Fragment Generators
Countermeasures
Firewall/IDS Penetration Testing
Firewall Penetration Testing
IDS Penetration Testing