1. Snort – from IDS to IPS inline mode

Author: Simone Tino
Università degli Studi di Catania

Simone Tino

Upgrading Snort IDS to inline mode for active control

03/12/2013

2. Snort capabilities

• Detection and Prevention modes
• Works on different network topologies
• Traffic replication required for detection only (e.g. port mirroring)
• Totally transparent to the hosts
• Requires good CPU and RAM capabilities
• Open source software
• Customizable report formatting tools available (e.g. Barnyard2, MySQL, BASE, Placid)
• Requires good configuration rules: TN and FP
3. IDS vs IPS

IDS:
• Detection mode only
• Traffic replication required
• Decoupling of detection and reaction
• A good assistant for network administration
• Usually used for testing rules

IPS:
• Active traffic control
• “Original” traffic required
• Detection and reaction support functionalities
• No administrator assistance needed
• Requires strict configuration
• Requires bridging two network cards
4. Snort Intrusion Detection System

• Port mirroring required
• Detection mode only
• Used to verify rules consistency

5. Snort Intrusion Prevention System

• Needs original traffic
• Active traffic control
• Requires strict rules configuration
6. Snort IPS Demo

• Host 1: eth0: 192.0.0.2/24
• Host 2: eth0: 10.0.0.2/24
• Snort IPS: 2 network cards, eth0: 192.0.0.3/24, eth1: 10.0.0.3/24

• Communication between 2 different subnets
• Snort IPS provides active and transparent control
• Totally transparent to the hosts
• Routing configuration required

7. Snort IPS - Demo
8. Configuration steps

IDS works on a copy of the traffic. Company solutions are based on the port mirroring tool of the switch.
IPS works on “original” traffic, like firewalls. Typical installation is between 2 networks.

9. From IDS to IPS

The iptables configuration redirects packets to user level. Here Snort must be running to avoid packet loss.

10. In the end…

Snort IPS can work in multiple modes.

Snort inline with the NFQ module is the most flexible and adaptable IPS solution.
Using the NFQ module in DAQ, many queues can be created; a Snort instance handles each queue (and so a different Snort rule set), and traffic can be redirected to the queues according to iptables rules.
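The steps the deck spreads over slides 6, 9 and 10 (routing between the two subnets, iptables handing forwarded packets to user level, one Snort instance per NFQ queue) as one added example; this script is not from the slides or from the Snort project. It assumes Snort 2.9 with the DAQ "nfq" module, iptables with the NFQUEUE target, the configuration and log paths it names (per-queue config names are an assumption too) and root only when APPLY=1 is set. By default it prints the commands instead of running them, so the plan can be checked before it touches the forwarding path. The "closed" versus "open" argument to queue_rules shows the packet-loss point of slide 9: with no Snort attached to a queue, the kernel drops what was queued unless --queue-bypass is given.

```shell
#!/bin/sh
# Added example, not taken from the slides: builds the command lines that
# turn the two-NIC box from slide 6 (eth0 192.0.0.3/24, eth1 10.0.0.3/24)
# into an inline Snort IPS fed by iptables NFQUEUE, as slides 9 and 10
# describe. Assumed, not stated on the slides: Snort 2.9 with the DAQ "nfq"
# module, iptables with the NFQUEUE target, the paths below, and root
# privileges when APPLY=1. Without APPLY=1 nothing is executed: every
# command is only printed, so the plan can be reviewed first.

IPS_IN_IF=${IPS_IN_IF:-eth0}      # 192.0.0.0/24 side of the IPS (slide 6)
IPS_OUT_IF=${IPS_OUT_IF:-eth1}    # 10.0.0.0/24 side of the IPS (slide 6)
SNORT_CONF=${SNORT_CONF:-/etc/snort/snort.conf}   # assumed path
SNORT_LOG=${SNORT_LOG:-/var/log/snort}            # assumed path

# Print a command, and execute it only when APPLY=1.
run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Slide 4: the IDS variant listens passively on a mirror port and never
# sits in the forwarding path, so a stopped sensor costs visibility only.
ids_instance() {
    run snort -c "$SNORT_CONF" -i "$IPS_IN_IF" -l "$SNORT_LOG"
}

# Slide 6, "routing configuration required": the IPS box forwards between
# the two subnets, with 192.0.0.3 and 10.0.0.3 as the hosts' gateways.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Slide 9: iptables hands forwarded packets to user space. One queue per
# direction, so slide 10's "one Snort instance per queue" applies.
#   $1 = closed (default): packets queued while no Snort is attached are
#        dropped by the kernel; this is the packet loss slide 9 warns about,
#        and it is the fail-closed behaviour an IPS usually wants.
#   $1 = open: --queue-bypass accepts those packets unfiltered instead
#        (fail-open); availability is kept, inspection is not.
queue_rules() {
    bypass=""
    if [ "${1:-closed}" = "open" ]; then bypass="--queue-bypass"; fi
    run iptables -A FORWARD -i "$IPS_IN_IF" -o "$IPS_OUT_IF" \
        -j NFQUEUE --queue-num 0 $bypass
    run iptables -A FORWARD -i "$IPS_OUT_IF" -o "$IPS_IN_IF" \
        -j NFQUEUE --queue-num 1 $bypass
}

# Slide 10: one Snort instance drains each queue. -Q selects inline mode,
# --daq nfq the netfilter-queue DAQ, --daq-var queue=N the queue to read.
# The per-queue config file (an assumed name) is where a different rule
# set for that queue goes.
ips_instances() {
    for q in 0 1; do
        run snort -Q --daq nfq --daq-var queue="$q" \
            -c "${SNORT_CONF%.conf}-queue$q.conf" -l "$SNORT_LOG/queue$q"
    done
}

# Stand-alone run: print the IPS plan (MODE=open selects fail-open queues).
enable_forwarding
queue_rules "${MODE:-closed}"
ips_instances
```

Run it without arguments to see the plan; `MODE=open sh script.sh` shows the bypass variant, and `APPLY=1` as root applies it. Start the Snort instances before the NFQUEUE rules are added (or keep the rules in bypass mode until they are up), since in the default fail-closed mode every forwarded packet is dropped for as long as its queue has no reader.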
