1 / 27

Log Analysis and Intrusion Detection

This document covers the essentials of log analysis and intrusion detection systems (IDS) on both Windows and Linux platforms. It defines log analysis, providing examples such as user authentication and application logs. It also details the Linux auditing process, covering tools like Syslog, Metalog, and LogRotater. Furthermore, the document explains IDS, particularly how to set up Snort for detecting suspicious activities, including configuration, rule creation, and testing. Real-world scenarios illustrate Snort's operation in detecting various attacks such as Trojans and network scans.

melina
Télécharger la présentation

Log Analysis and Intrusion Detection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy

  2. Log Analysis (Windows And linux) What is log analysis? Describes an event (or) process activity in detail on the system. Examples : • user authentication event log • ftp authentication .

  3. Setup for LogAnalysis • Application Log Specific to particular application. eg:MS word,Windows Media Player • Security Log Specifically logs all the security features. • System Log Logs all the system related activities.

  4. Linux Auditing • Sysklog • Metalog • LogRotater Basic Linux Auditing Syslogd: Gives information about the general activities about the Kernel,Mails,Process and Remote logins.

  5. Intrusion Detection Systems (IDS) • What is an intrusion Detection System (IDS)? Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent Example : Snort

  6. Steps to setup IDS • Installation of snort • Creation of Snort configuration files • Creation of rules • Testing of rules

  7. Operation of Snort

  8. Using Snort in Different Scenarios • Ping • nmap Scan Utility • Subseven Trojan • Telnet • Internet Explorer

  9. SNORT AS A SNIFFER

  10. Starting snort to sniff the data on the network.

  11. Pinging the server from the client and sniffing data on server by snort.

  12. Traffic dump for Linuxusing snort

  13. Output for the snort sniffed data

  14. Adding preprocessor to the config files of Snort to filter port scanner.

  15. Xmas scan using nmap

  16. Alerts in Snort log files for Xmas Stealth activity.

  17. Preprocessor to sniff Trojans activity (ettercap)

  18. Creating snort config file to use detection engine

  19. Starting the snort service with detection engine

  20. Using Internet Explorer to detect directory traversal attack by snort

  21. Alert for the Directory Traversal attack in snort alerts file

  22. Creating the rules in snort to detect the subseven Trojan

  23. Adding subseven rules to config file of snort

  24. Starting the snort service with new subseven rule

  25. Attacking the server with subseven Trojan

  26. Alert log for the subseven Trojan detection

  27. Subseven Trojan scenario on Linux

More Related