Linux CBT – NIDS Focus Snort Network Intrusion Detection System Training

Released: 1.2013 | Genre: Tutorial | Size: 631 MB

Network Intrusion Detection System (NIDS) Security – Module V

Snort NIDS – Installation
• Peruse the LinuxCBT Security Edition classroom network topology
• Download Snort
• Import the GPG/PGP public key and verify package integrity
• Identify key Snort dependencies
• Install current libpcap – Packet Capture Library
• Establish security configuration baseline

Snort NIDS – Sniffer Mode
• Discuss sniffer mode concepts & applications
• Sniff IP packet headers – layer-3/4
• Sniff data-link headers – layer-2
• Sniff application payload – layer-7
• Sniff data-link, IP and application-layer headers together – all layers except physical
• Examine packets & packet loss
• Sniff traffic traversing interesting interfaces
• Sniff clear-text traffic
• Sniff encrypted streams (layer-2/3/4 headers remain visible; the payload stays opaque without the session keys)

Snort NIDS – Logging Mode
• Discuss logging mode concepts & applications
• Log traffic using default PCAP/TCPDump format
• Log traffic using ASCII mode & examine output
• Discuss directory structure created by ASCII logging mode
• Control verbosity of ASCII logging mode & examine output
• Enhance packet logging analysis by defaulting to binary logging
• Discuss default nomenclature for binary/TCPDump files
• Alter binary output options
• Use Snort NIDS to read binary/TCPDump files
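
The following is an added example, not material from the LinuxCBT course or the Snort project. It builds the libpcap file format that Snort writes in binary logging mode (-l with -b) and reads back with -r, and then decodes the layers that sniffer mode prints (-e for layer 2, -v for layers 3/4, -d for payload). The Ethernet/IPv4/TCP frame is constructed by hand with zeroed checksums; the addresses, ports and payload are illustrative only.

```python
# Added example (not from the LinuxCBT course): write and read the libpcap
# file format Snort uses for binary logging (-b) and replay (-r), then decode
# the layer-2/3/4 headers the way sniffer mode (-vde) shows them.
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4        # magic for microsecond-resolution pcap files
LINKTYPE_ETHERNET = 1

def build_tcp_packet(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame. Checksums are left at zero: this
    demonstrates the file format, not a frame a host would accept."""
    ether = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # TCP: sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return ether + ip + tcp + payload

def write_pcap(packets, ts_sec=1357000000):
    """Serialise frames as pcap: 24-byte global header, then per packet a
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) and the bytes."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, pkt in enumerate(packets):
        out.write(struct.pack("<IIII", ts_sec, i, len(pkt), len(pkt)))
        out.write(pkt)
    return out.getvalue()

def read_pcap(data):
    """Parse a pcap byte string into (ts_sec, ts_usec, frame) tuples, honouring
    the byte order the magic number announces."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled in this example")
    off, records = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        records.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return records

def decode_headers(frame):
    """Decode what sniffer mode prints: -e (layer 2), -v (layer 3/4), -d (payload)."""
    eth_dst, eth_src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"ethertype": ethertype}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    info = {"eth_src": eth_src.hex(":"), "eth_dst": eth_dst.hex(":"),
            "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "proto": ip[9]}
    if info["proto"] == 6:
        tcp = ip[ihl:]
        info["sport"], info["dport"] = struct.unpack("!HH", tcp[:4])
        info["payload"] = tcp[(tcp[12] >> 4) * 4:]
    return info

if __name__ == "__main__":
    frame = build_tcp_packet("192.168.1.10", "10.0.0.5", 40001, 23, b"login: ")
    for ts_sec, ts_usec, pkt in read_pcap(write_pcap([frame])):
        print(ts_sec, ts_usec, decode_headers(pkt))
```

A file produced by write_pcap is the same layout as Snort's snort.log.NNNNNNNNNN binary files, so it can be replayed with snort -r for testing rules offline.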

Snort NIDS – Berkeley Packet Filters (BPFs)
• Explain the advantages of using BPFs
• Discuss BPF directional, type, and protocol qualifiers
• Identify clear-text based network applications and define appropriate BPFs
• Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
• Log to the active pseudo-terminal console and examine the packet flows
• Combine BPF qualifiers to increase packet-matching capabilities
• Use logical operators to define more flexible BPFs
• Read binary TCPDump files using Snort & BPFs
• Execute Snort NIDS in logging/daemon mode
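
The following is an added example, not material from the LinuxCBT course or libpcap. It implements a small evaluator for the subset of BPF syntax the section covers: direction (src/dst), type (host/port) and protocol (tcp/udp/icmp) qualifiers combined with and, or, not and parentheses, with "and" binding tighter than "or" as in real BPF. The packet summaries are constructed dictionaries rather than decoded frames; the addresses and ports are illustrative.

```python
# Added example (not from the LinuxCBT course): a recursive-descent parser and
# matcher for the BPF qualifiers the course teaches. Packets are constructed
# summaries of the form {"proto", "src", "dst", "sport", "dport"}.

class BPF:
    """Parse a BPF-style expression into a small AST and match packets against it."""

    def __init__(self, expr):
        self.tokens = expr.replace("(", " ( ").replace(")", " ) ").split()
        self.pos = 0
        self.ast = self._or()
        if self.pos != len(self.tokens):
            raise ValueError("unexpected trailing tokens: " + " ".join(self.tokens[self.pos:]))

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _take(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def _or(self):                       # lowest precedence: a or b
        node = self._and()
        while self._peek() == "or":
            self._take()
            node = ("or", node, self._and())
        return node

    def _and(self):                      # binds tighter than or
        node = self._not()
        while self._peek() == "and":
            self._take()
            node = ("and", node, self._not())
        return node

    def _not(self):                      # unary not and parenthesised groups
        if self._peek() == "not":
            self._take()
            return ("not", self._not())
        if self._peek() == "(":
            self._take()
            node = self._or()
            if self._take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        return self._primitive()

    def _primitive(self):                # [src|dst] host X, [src|dst] port N, tcp|udp|icmp
        direction = self._take() if self._peek() in ("src", "dst") else None
        tok = self._take()
        if tok in ("tcp", "udp", "icmp"):
            if direction:
                raise ValueError("protocol qualifier %s takes no direction" % tok)
            return ("proto", tok)
        if tok in ("host", "port"):
            value = self._take()
            if value is None:
                raise ValueError("missing value after " + tok)
            return (tok, direction, int(value) if tok == "port" else value)
        raise ValueError("unknown token: %r" % tok)

    def match(self, pkt):
        return self._eval(self.ast, pkt)

    def _eval(self, node, pkt):
        kind = node[0]
        if kind == "or":
            return self._eval(node[1], pkt) or self._eval(node[2], pkt)
        if kind == "and":
            return self._eval(node[1], pkt) and self._eval(node[2], pkt)
        if kind == "not":
            return not self._eval(node[1], pkt)
        if kind == "proto":
            return pkt["proto"] == node[1]
        _, direction, value = node
        if kind == "host":
            fields = {"src": ["src"], "dst": ["dst"], None: ["src", "dst"]}[direction]
            return any(pkt[f] == value for f in fields)
        if pkt["proto"] not in ("tcp", "udp"):
            return False                 # port qualifiers never match ICMP, as in real BPF
        fields = {"src": ["sport"], "dst": ["dport"], None: ["sport", "dport"]}[direction]
        return any(pkt[f] == value for f in fields)

# Constructed packet summaries: a telnet exchange, a DNS query, a ping, an HTTPS SYN.
PACKETS = [
    {"proto": "tcp", "src": "192.168.1.10", "dst": "10.0.0.5", "sport": 40001, "dport": 23},
    {"proto": "tcp", "src": "10.0.0.5", "dst": "192.168.1.10", "sport": 23, "dport": 40001},
    {"proto": "udp", "src": "192.168.1.10", "dst": "192.168.1.1", "sport": 5353, "dport": 53},
    {"proto": "icmp", "src": "192.168.1.20", "dst": "10.0.0.5"},
    {"proto": "tcp", "src": "192.168.1.10", "dst": "10.0.0.5", "sport": 40002, "dport": 443},
]

def select(expr, packets=PACKETS):
    """Return the indexes of the packets an expression matches."""
    bpf = BPF(expr)
    return [i for i, pkt in enumerate(packets) if bpf.match(pkt)]

if __name__ == "__main__":
    for expr in ("tcp and dst port 23", "port 23", "src host 192.168.1.10 and not port 443"):
        print("%-45s -> %s" % (expr, select(expr)))
```

"port 23" without a direction matches both halves of the telnet session, which is why it is the usual filter when logging a clear-text service; "dst port 23" isolates the client-to-server side only.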

Snort NIDS – Cisco Switch Configuration
• Examine the current network configuration
• Identify Snort NIDS sensors and centralized DBMS Server
• Create multiple VLANs on the Cisco Switch
• Secure the Cisco Switch configuration
• Isolate internal and external hosts, sensors and DBMS systems
• Configure SPAN – Port Mirroring for internal and external Snort NIDS Sensors
• Examine internal and external packet flows

Snort NIDS – Network Intrusion Detection System (NIDS) Mode
• Discuss NIDS concepts & applications
• Prepare /etc/snort – configuration directory for NIDS operation
• Explore the snort.conf NIDS configuration file
• Discuss all snort.conf sections
• Download & install community rules
• Execute Snort in NIDS mode with the tcpdump-compatible output plugin
• Download & install Snort Vulnerability Research Team (VRT) rules
• Compare & contrast community rules to VRT rules

Snort NIDS – Output Plugin – Barnyard Configuration
• Discuss features & benefits
• Configure Syslog based logging and examine results
• Configure Snort to log sequentially to multiple output locations
• Implement unified binary output logging to enhance performance
• Discuss concepts & features associated with post-processing Snort logs
• Download and install current barnyard post-processor
• Use barnyard to post-process logs to multiple output destinations
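
The following is an added example, not code from the LinuxCBT course, Snort or Barnyard. It parses the unified2 record stream that Snort writes when configured with an "output unified2" line, and re-emits each IDS event as a syslog-style alert line, which is the post-processing job Barnyard performs so that Snort itself only has to write a flat binary file. The record layout (8-byte type/length header followed by the 52-byte legacy IPv4 event body, all big-endian) is the published unified2 format; the sample record, the sid-to-message map and the output line format are constructed for the example and modelled on Snort's syslog alert output rather than copied from it.

```python
# Added example (not from the LinuxCBT course, Snort or Barnyard): parse
# unified2 IDS event records and render them as syslog-style alert lines.
import socket
import struct

UNIFIED2_IDS_EVENT = 7                                 # legacy IPv4 event record type
RECORD_HDR = struct.Struct("!II")                      # record type, body length
IDS_EVENT = struct.Struct("!" + "I" * 11 + "HHBBBB")   # 52-byte event body
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def pack_event(sensor_id, event_id, ts, sid, gid, rev, class_id, priority,
               src, dst, sport, dport, proto):
    """Build one unified2 IDS event record (header + body) as sample input."""
    body = IDS_EVENT.pack(
        sensor_id, event_id, ts, 0,                    # event second, microsecond
        sid, gid, rev, class_id, priority,
        int.from_bytes(socket.inet_aton(src), "big"),
        int.from_bytes(socket.inet_aton(dst), "big"),
        sport, dport, proto,
        0, 0, 0)                                       # impact_flag, impact, blocked
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body

def parse_unified2(data):
    """Walk a unified2 byte stream and return the IDS events it contains."""
    events, off = [], 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + rlen > len(data):
            break                  # Snort is still writing this record; a spooler waits and retries
        body = data[off:off + rlen]
        off += rlen
        if rtype != UNIFIED2_IDS_EVENT or len(body) != IDS_EVENT.size:
            continue               # packet records and IPv6 events are not handled here
        f = IDS_EVENT.unpack(body)
        events.append({
            "sensor_id": f[0], "event_id": f[1], "ts": f[2], "usec": f[3],
            "sid": f[4], "gid": f[5], "rev": f[6], "class_id": f[7], "priority": f[8],
            "src": socket.inet_ntoa(struct.pack("!I", f[9])),
            "dst": socket.inet_ntoa(struct.pack("!I", f[10])),
            "sport": f[11], "dport": f[12], "proto": f[13],
        })
    return events

def to_syslog(ev, sid_msg_map):
    """Render an event as a syslog-style line, resolving the rule message from a
    (gid, sid) -> msg map of the kind Barnyard builds from sid-msg.map."""
    msg = sid_msg_map.get((ev["gid"], ev["sid"]),
                          "Snort Alert [%d:%d:%d]" % (ev["gid"], ev["sid"], ev["rev"]))
    return "snort: [%d:%d:%d] %s [Priority: %d] {%s} %s:%d -> %s:%d" % (
        ev["gid"], ev["sid"], ev["rev"], msg, ev["priority"],
        PROTO_NAMES.get(ev["proto"], str(ev["proto"])),
        ev["src"], ev["sport"], ev["dst"], ev["dport"])

# Constructed sid-msg.map entries (generator id, signature id) -> message.
SID_MSG_MAP = {(1, 1000001): "LOCAL telnet login attempt"}

if __name__ == "__main__":
    record = pack_event(1, 42, 1357000000, 1000001, 1, 3, 3, 2,
                        "192.168.1.10", "10.0.0.5", 40001, 23, 6)
    for ev in parse_unified2(record):
        print(to_syslog(ev, SID_MSG_MAP))
```

Because the event body carries only numeric identifiers, the sid-msg.map lookup is what gives the operator a readable message; a sensor whose map is out of date with its rule set produces alerts that say nothing more than the generic fallback text.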

Snort NIDS – BASE – MySQL Implementation
• Discuss benefits of centralized console reporting for 1 or more Snort sensors
• Recompile Snort on both sensors to support MySQL logging
• Configure MySQL on Database Management System (DBMS) Host
• Implement Snort database schema on DBMS Host
• Configure Snort to log output to MySQL DBMS Host
• Confirm output logging to the MySQL DBMS Host
• Prepare DBMS Host for BASE console installation
• Install BASE and complete schema extension
• Peruse BASE interface

Snort NIDS – Rules Configuration & Updates
• Discuss the concept of rules as related to Snort NIDS
• Examine Snort rule syntax
• Peruse pre-defined Snort rules
• Download & configure Oinkmaster to automatically update Snort rules
• Confirm Oinkmaster operation
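
The following is an added example, not code from the LinuxCBT course or the Snort project. It serves both this section and the NIDS-mode section above: it parses Snort 2.x rules into their header (action, protocol, source, port, direction, destination, port) and option list, resolves the $HOME_NET-style variables that snort.conf defines with ipvar/portvar, and applies the checks a rule reviewer wants before an update goes live (every rule has a quoted msg, a rev, and a sid in the local range of 1,000,000 and above rather than the range reserved for vendor rules). The snort.conf fragment and the three rules are constructed for the example; the telnet and ICMP rules are illustrative, not rules from the community or VRT sets.

```python
# Added example (not from the LinuxCBT course or Snort): parse Snort 2.x rules,
# expand snort.conf variables, and sanity-check each rule before deployment.
import re

# Constructed snort.conf fragment: variable definitions only.
SNORT_CONF = """\
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
portvar TELNET_PORTS 23
"""

# Constructed rules: two well-formed local rules and one that fails review.
RULES = """\
# local.rules (constructed for the example)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORTS (msg:"LOCAL telnet login prompt"; flow:to_client,established; content:"login:"; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000002; rev:2;)
alert tcp any any -> any 80 (content:"GET"; sid:5;)
"""

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$")

def expand(value, variables):
    """Replace $NAME references; an undefined variable is an error in Snort too."""
    def sub(m):
        name = m.group(1)
        if name not in variables:
            raise ValueError("undefined variable $" + name)
        return variables[name]
    return re.sub(r"\$(\w+)", sub, value)

def load_vars(conf):
    """Collect var/ipvar/portvar definitions, expanding earlier ones as we go."""
    variables = {}
    for line in conf.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] in ("var", "ipvar", "portvar"):
            variables[parts[1]] = expand(parts[2], variables)
    return variables

def split_options(opts):
    """Split 'key:value;' pairs, keeping ';' that appears inside a quoted value."""
    result, i, n = [], 0, len(opts)
    while i < n:
        while i < n and opts[i] in " \t":
            i += 1
        if i >= n:
            break
        j, in_quote = i, False
        while j < n and (opts[j] != ";" or in_quote):
            if opts[j] == '"' and opts[j - 1] != "\\":
                in_quote = not in_quote
            j += 1
        key, _, value = opts[i:j].strip().partition(":")
        if key:
            result.append((key.strip(), value.strip()))
        i = j + 1
    return result

def parse_rule(line, variables):
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("bad rule header: " + line)
    rule = {k: m.group(k) for k in ("action", "proto", "dir")}
    for k in ("src", "sport", "dst", "dport"):
        rule[k] = expand(m.group(k), variables)
    rule["options"] = split_options(m.group("opts"))
    return rule

def check_rule(rule):
    """Return the review findings for one parsed rule (empty list means clean)."""
    opts = dict(rule["options"])
    problems = []
    if "sid" not in opts:
        problems.append("missing sid")
    elif int(opts["sid"]) < 1000000:
        problems.append("sid %s is in the reserved vendor range; local rules start at 1000000" % opts["sid"])
    if "rev" not in opts:
        problems.append("missing rev")
    if "msg" not in opts:
        problems.append("missing msg")
    elif not (opts["msg"].startswith('"') and opts["msg"].endswith('"')):
        problems.append("msg must be quoted")
    return problems

def load_rules(text, variables):
    """Parse every non-comment line and pair it with its review findings."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rule = parse_rule(line, variables)
            out.append((rule, check_rule(rule)))
    return out

if __name__ == "__main__":
    for rule, problems in load_rules(RULES, load_vars(SNORT_CONF)):
        print(dict(rule["options"]).get("sid"), rule["src"], "->", rule["dst"], rule["dport"], problems or "ok")
```

Running the checks against local.rules after every Oinkmaster update catches the most common breakage: a local rule whose sid collides with the vendor range, or one that the sensor accepts but that cannot be traced back to a message in sid-msg.map.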


The post Linux CBT – NIDS Focus Snort Network Intrusion Detection System Training appeared first on Free Ebooks and Video Training.