Acid

ACID presentation for Linux User Group (Singapore) 2004/4/7



  1. Network Security Analysis using Snort and ACID
     - Introduction to Network Security Analysis using Snort and ACID
     - Linux User Group Singapore
     - Friday 7th May 2004
     - By Michael Boman <michael.boman@boseco.com>
  2. What we will cover:
     - Benefits of running Snort + ACID
     - Alert flow in a Snort + ACID setup
     - Demo of ACID
     - Q & A
  3. Why Snort and ACID?
     - De facto standard for open-source network IDS
     - Very well documented combination
       - 3 books published
       - Many HOWTOs available for free on the net
  4. Software
     - Snort: NIDS engine
     - Barnyard / Mudpit / FLoP: output processor for Snort
     - MySQL / PostgreSQL: alert storage medium
     - Apache / ACID: web server / web application
     - Web browser of choice: alert display “console”
  5. The Snort Architecture
     - Detect events of interest on the network
     - Send alerts to server
     - Receive alerts from sensor
     - Display alerts
  6. Snort flow: Receiving IDS alerts
  7. Snort flow: Receiving IDS alerts (Barnyard)
  8. Snort flow: Getting alert details
  9. Demo
     - Enough theory, let us get our hands dirty with the pig
  10. What have we learned?
     - Benefits of running Snort + ACID
     - Alert flow in a Snort + ACID setup
  11. Questions?
     - Got any questions? Now is the time to ask them!
  12. Suggested reading material
     - Snort 2.0 Intrusion Detection
       - Brian Caswell, Jay Beale, James C. Foster, Jeremy Faircloth; ISBN: 1931836744
     - Intrusion Detection with Snort
       - Jack Koziol; ISBN: 157870281X
     - http://www.snort.org/docs/
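The alert path the deck outlines (sensor output parsed, stored in a database, summarised for a web console) as an added Python example that is not part of the slides: it parses Snort's real `alert_fast` text format on constructed sample lines into an SQLite table standing in for the alert store, and queries it the way a console such as ACID does. The table layout and function names are my own, not ACID's schema.

```python
import re
import sqlite3
# Constructed Snort "alert_fast" lines (documentation-range addresses only).
SAMPLE_ALERTS = """\
05/07-10:15:22.123456  [**] [1:1000001:1] TEST web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:51234 -> 198.51.100.5:80
05/07-10:15:23.000100  [**] [1:1000001:1] TEST web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:51235 -> 198.51.100.5:80
05/07-10:16:01.500000  [**] [1:1000002:2] TEST ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.9
05/07-10:17:40.250000  [**] [1:1000003:1] TEST rule without class [**] [Priority: 2] {UDP} 192.0.2.10:5353 -> 198.51.100.5:53
this line is not an alert and must be skipped
"""

# timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]? [Priority: n] {proto} src[:port] -> dst[:port]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$")

def parse_fast_alert(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = FAST_ALERT_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):  # ports are None for ICMP
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def load_alerts(text, conn=None):
    """Store parsed alerts in an 'event' table (the alert-storage step); returns (conn, skipped)."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IF NOT EXISTS event (ts TEXT, sid INTEGER, sig TEXT, sig_class TEXT, "
                 "priority INTEGER, proto TEXT, ip_src TEXT, sport INTEGER, ip_dst TEXT, dport INTEGER)")
    skipped = 0
    for line in text.splitlines():
        rec = parse_fast_alert(line)
        if rec is None:
            skipped += 1  # malformed input is counted rather than silently dropped
            continue
        conn.execute("INSERT INTO event VALUES (?,?,?,?,?,?,?,?,?,?)",
                     (rec["ts"], rec["sid"], rec["msg"], rec["cls"], rec["prio"],
                      rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"]))
    return conn, skipped

def top_signatures(conn, limit=5):
    """Alerts per signature, most frequent first: the summary a console such as ACID presents."""
    return conn.execute("SELECT sig, COUNT(*) AS n FROM event GROUP BY sig "
                        "ORDER BY n DESC, sig LIMIT ?", (limit,)).fetchall()
```

Point `load_alerts` at a real alert file's contents and the skipped count tells you how many lines the sensor emitted that the parser did not understand, which is worth alerting on in itself.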
