These slides present how Snort detects intruders and how to analyse the traffic using the ELK Stack. They will help you detect intruders and analyse the traffic using colourful visualizations.
3. About us
• We are: The Machas, 1Qra’, seTajul clan, Cyber Warrior
• Gold for Project Innovation and Exhibition (PIEx18) – Polytechnic Mersing
• Best Award (SPEx18)
• 2nd Place InterPolytechnic CTF Challenge
• Cyber Heroes
• Cyber Range Academy Conference and Security Day (OWASP) 2017 – Polytechnic Mersing
• Hack@10 – UNITEN
5. Agenda
• Introduction
• Overview
• What is the problem?
• Setup
• Installation: Snort integrated with ELK
• The scenario
• Demo by The Machas
• Q & A
7. Objectives
Objective 1: Install Snort in the server
• Successfully install Snort on the Ubuntu Server
Objective 2: Write ICMP rules
• Configure local.rules to write ICMP rules
Objective 3: Write NMAP rules
• Configure local.rules to write Network Mapper (NMAP) rules in the server
Objective 4: Visibility Deployment
• Visualize the alerts through a GUI using the Basic Analysis and Security Engine (BASE)
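As an added example for Objectives 2 and 3 (not from the deck), the kind of rules a local.rules file would carry: ICMP rules first, then rules matching the TCP flag patterns and SYN rate that Nmap scan types produce. It assumes snort.conf defines $HOME_NET and includes local.rules, and that sids from 1000000 upward are reserved for local rules.

```snort
# local.rules : added example, not the deck's own file. Assumes snort.conf
# defines $HOME_NET and contains "include $RULE_PATH/local.rules";
# sids >= 1000000 are reserved for locally written rules.

# --- Objective 2: ICMP rules ---
# Any echo request aimed at the internal network (itype 8 = Echo Request).
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; classtype:misc-activity; sid:1000001; rev:1;)

# Nmap's default ping probe carries an empty ICMP payload, unlike most OS ping
# tools, so a zero-length echo request deserves a separate, higher-signal alert.
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request with empty payload (possible Nmap host discovery)"; itype:8; dsize:0; classtype:attempted-recon; sid:1000002; rev:1;)

# ICMP timestamp requests (itype 13) are rare in normal traffic and are one of
# Nmap's host-discovery probes.
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP timestamp request (possible Nmap host discovery)"; itype:13; classtype:attempted-recon; sid:1000003; rev:1;)

# --- Objective 3: Nmap rules ---
# SYN scan: many bare SYNs from one source in a short window. "S,12" matches
# SYN while ignoring the ECN reserved bits; detection_filter holds the alert
# back until 20 SYNs arrive from one source within 5 seconds, so single
# legitimate connections stay quiet.
alert tcp any any -> $HOME_NET any (msg:"LOCAL possible Nmap SYN scan"; flags:S,12; detection_filter:track by_src, count 20, seconds 5; classtype:attempted-recon; sid:1000004; rev:1;)

# Xmas scan: FIN, PSH and URG set together never occurs in legitimate TCP.
alert tcp any any -> $HOME_NET any (msg:"LOCAL Nmap Xmas scan"; flags:FPU; classtype:attempted-recon; sid:1000005; rev:1;)

# NULL scan: a TCP segment with no flags set at all.
alert tcp any any -> $HOME_NET any (msg:"LOCAL Nmap NULL scan"; flags:0; classtype:attempted-recon; sid:1000006; rev:1;)

# FIN scan: FIN alone, without the ACK a normal connection teardown carries.
alert tcp any any -> $HOME_NET any (msg:"LOCAL Nmap FIN scan"; flags:F; classtype:attempted-recon; sid:1000007; rev:1;)
```

After editing, validate the file with `snort -T -c /etc/snort/snort.conf` before restarting Snort, so a syntax error does not take the sensor down.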
8. What is the problem?
• Couldn't detect attacks on the network
• Wouldn't alert on attacks on the network
• Can't detect the behavior of an attacker
BE VIGILANT, BE SMART ☺
15. How Snort IDS monitoring works
A Snort intrusion detection system (IDS) has been installed and configured. In this example, the Snort IDS machine is placed inside the LAN between the firewall and the router.
[Diagram labels: Internet, Intruders, Firewall, Internal Network, Client]
16. Benefit of visibility
• To keep the network defense strong
• Ability to see the behavior inside the traffic
• To deliver data with speed and efficiency