SlideShare una empresa de Scribd logo

Snort IPS

S
Simone Tino
TecnologíaEmpresariales
1 de 10
Descargar para leer sin conexión
Snort – from IDS to IPS inline mode 1 Author: Simone Tino Università degli Studi di Catania Simone Tino Upgrading Snort IDS to inline mode for active control 03/12/2013
2 Snort capabilities  Detection and Prevention modes  Works on different network topologies  Traffic replication required for detection only (i.e. Port Mirroring)  Totally transparency to the hosts  Requires good CPU and Ram capabilities  Open Source Software  Customizable report formatting tools available (i.e. Barnyard2, MySQL, BASE, Placid)  Requires good configuration rules: TN and FP Simone Tino 03/12/2013
IDS vs IPS 3 IDS IPS  Detection mode only  Active traffic control  Traffic replication required  “Original” traffic required  Decoupling detection and reaction  Detection and reaction support functionalities  IDS as a good assistant for network administration  Usually used for testing rules  No administrator assistance needed Simone Tino  Requires strict configuration  Two network cards bridging required 03/12/2013
4 Snort Intrusion Detection System • Port Mirroring required • Detection mode only Used to verify rules consistency Simone Tino 03/12/2013
5 Snort Intrusion Prevention System • Needs original traffic • Active traffic control Requires strict rules configuration Simone Tino 03/12/2013
6 Snort IPS Demo • Host 1: eth0: 192.0.0.2/24 • Host 2: eth0: 10.0.0.2/24 • Snort IPS: 2 network cards eth0: 192.0.0.3/24 eth1: 10.0.0.3/24  Communication between 2 different subnets  Snort IPS provides active and transparent control  Totally transparency to the hosts  Routing configuration required Simone Tino 03/12/2013
Snort IPS - Demo 7 Simone Tino 03/12/2013
8 Configuration steps IDS works on a copy of the traffic. Company solutions based on Port Mirroring switch tool. IPS works on “original” traffic like firewalls. Typical installation between 2 networks. Simone Tino 03/12/2013
9 From IDS to IPS Iptables configuration implies packets to be redirected to userlevel. Here, Snort must be active to avoid packet-loss. Simone Tino 03/12/2013
In the end… 10 Snort IPS can work in multiple modes. Snort inline with NFQ module is the more flexible and adaptable IPS solution. Using NFQ module in DAQ, many queues can be created; a Snort instance handles each queue (so, a different Snort rule set), where traffic can be redirected according to iptables rules. Simone Tino 03/12/2013

Recomendados

Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention SystemVishwanath Badiger
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)NetProtocol Xpert
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to SnortHossein Yavari
 
Snort
SnortSnort
SnortStickman Hai
 
Security Onion
Security OnionSecurity Onion
Security Onionn|u - The Open Security Community
 
IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based FirewallNetwax Lab
 
Security Onion - Introduction
Security Onion - IntroductionSecurity Onion - Introduction
Security Onion - Introductionn|u - The Open Security Community
 

Recomendados

Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention SystemVishwanath Badiger
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)NetProtocol Xpert
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to SnortHossein Yavari
 
Snort
SnortSnort
SnortStickman Hai
 
Security Onion
Security OnionSecurity Onion
Security Onionn|u - The Open Security Community
 
IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based FirewallNetwax Lab
 
Security Onion - Introduction
Security Onion - IntroductionSecurity Onion - Introduction
Security Onion - Introductionn|u - The Open Security Community
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
Assessing network security
Assessing network securityAssessing network security
Assessing network securityAbhinit Kumar Sharma
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
All About Snort
All About SnortAll About Snort
All About Snort28pranjal
 
LTM essentials
LTM essentialsLTM essentials
LTM essentialsbharadwajv
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)Netwax Lab
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Linux privilege escalation 101
Linux privilege escalation 101Linux privilege escalation 101
Linux privilege escalation 101Rashid feroz
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
Firewall
FirewallFirewall
Firewalltrilokchandra prakash
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
Suricata
SuricataSuricata
Suricatatex_morgan
 
Network monitoring tools
Network monitoring toolsNetwork monitoring tools
Network monitoring toolsQaswarBosan
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to siteMostafa El Lathy
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTAshley Deuble
 
hakin9_6-2006_str22-33_snort_EN
hakin9_6-2006_str22-33_snort_ENhakin9_6-2006_str22-33_snort_EN
hakin9_6-2006_str22-33_snort_ENPierpaolo Palazzoli
 
IPS_3M_eng
IPS_3M_engIPS_3M_eng
IPS_3M_engPierpaolo Palazzoli
 

Más contenido relacionado

La actualidad más candente

All About Snort
All About SnortAll About Snort
All About Snort28pranjal
 
LTM essentials
LTM essentialsLTM essentials
LTM essentialsbharadwajv
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)Netwax Lab
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Linux privilege escalation 101
Linux privilege escalation 101Linux privilege escalation 101
Linux privilege escalation 101Rashid feroz
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
Network monitoring tools
Network monitoring toolsNetwork monitoring tools
Network monitoring toolsQaswarBosan
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTAshley Deuble
 

La actualidad más candente (20)

IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Assessing network security
Assessing network securityAssessing network security
Assessing network security
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
All About Snort
All About SnortAll About Snort
All About Snort
 
LTM essentials
LTM essentialsLTM essentials
LTM essentials
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
Linux privilege escalation 101
Linux privilege escalation 101Linux privilege escalation 101
Linux privilege escalation 101
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts
 
Firewall
FirewallFirewall
Firewall
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Suricata
SuricataSuricata
Suricata
 
Network monitoring tools
Network monitoring toolsNetwork monitoring tools
Network monitoring tools
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to site
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERT
 

Similar a Snort IPS

Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...Disha Bedi
 
Crowd management system
Crowd management systemCrowd management system
Crowd management systemMumbaikar Le
 
Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Disha Bedi
 
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic ControlLinux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Controlsandy_vasan
 
SDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSrinivasa Addepalli
 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemnewbie2019
 
IDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxIDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxaskaripayalo
 
Detect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemDetect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemIRJET Journal
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortDisha Bedi
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platformsBen Tullis
 
Pass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network SecurityPass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network SecurityHecrocro
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Group4_final_report.pptx
Group4_final_report.pptxGroup4_final_report.pptx
Group4_final_report.pptxHataseSouta
 
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRENON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTREcscpconf
 
A Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive SecurityA Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive SecuritySébastien Tandel
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 

Similar a Snort IPS (20)

hakin9_6-2006_str22-33_snort_EN
hakin9_6-2006_str22-33_snort_ENhakin9_6-2006_str22-33_snort_EN
hakin9_6-2006_str22-33_snort_EN
 
IPS_3M_eng
IPS_3M_engIPS_3M_eng
IPS_3M_eng
 
Snort- Presentation.pptx
Snort- Presentation.pptxSnort- Presentation.pptx
Snort- Presentation.pptx
 
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
 
Crowd management system
Crowd management systemCrowd management system
Crowd management system
 
Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...
 
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic ControlLinux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Control
 
SDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_Networks
 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection system
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startup
 
IDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxIDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptx
 
Detect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemDetect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection System
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using Snort
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platforms
 
Pass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network SecurityPass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network Security
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Group4_final_report.pptx
Group4_final_report.pptxGroup4_final_report.pptx
Group4_final_report.pptx
 
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRENON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
 
A Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive SecurityA Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive Security
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
 

Último

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Último (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Snort IPS

  • 1. Snort – from IDS to IPS inline mode 1 Author: Simone Tino Università degli Studi di Catania Simone Tino Upgrading Snort IDS to inline mode for active control 03/12/2013
  • 2. 2 Snort capabilities  Detection and Prevention modes  Works on different network topologies  Traffic replication required for detection only (i.e. Port Mirroring)  Totally transparency to the hosts  Requires good CPU and Ram capabilities  Open Source Software  Customizable report formatting tools available (i.e. Barnyard2, MySQL, BASE, Placid)  Requires good configuration rules: TN and FP Simone Tino 03/12/2013
  • 3. IDS vs IPS 3 IDS IPS  Detection mode only  Active traffic control  Traffic replication required  “Original” traffic required  Decoupling detection and reaction  Detection and reaction support functionalities  IDS as a good assistant for network administration  Usually used for testing rules  No administrator assistance needed Simone Tino  Requires strict configuration  Two network cards bridging required 03/12/2013
  • 4. 4 Snort Intrusion Detection System • Port Mirroring required • Detection mode only Used to verify rules consistency Simone Tino 03/12/2013
  • 5. 5 Snort Intrusion Prevention System • Needs original traffic • Active traffic control Requires strict rules configuration Simone Tino 03/12/2013
  • 6. 6 Snort IPS Demo • Host 1: eth0: 192.0.0.2/24 • Host 2: eth0: 10.0.0.2/24 • Snort IPS: 2 network cards eth0: 192.0.0.3/24 eth1: 10.0.0.3/24  Communication between 2 different subnets  Snort IPS provides active and transparent control  Totally transparency to the hosts  Routing configuration required Simone Tino 03/12/2013
  • 7. Snort IPS - Demo 7 Simone Tino 03/12/2013
  • 8. 8 Configuration steps IDS works on a copy of the traffic. Company solutions based on Port Mirroring switch tool. IPS works on “original” traffic like firewalls. Typical installation between 2 networks. Simone Tino 03/12/2013
  • 9. 9 From IDS to IPS Iptables configuration implies packets to be redirected to userlevel. Here, Snort must be active to avoid packet-loss. Simone Tino 03/12/2013
  • 10. In the end… 10 Snort IPS can work in multiple modes. Snort inline with NFQ module is the more flexible and adaptable IPS solution. Using NFQ module in DAQ, many queues can be created; a Snort instance handles each queue (so, a different Snort rule set), where traffic can be redirected according to iptables rules. Simone Tino 03/12/2013