


Using OpenBSD and Snort to build ready to roll Network Intrusion ...

Short Description:

Overview of OpenBSD and Snort. Deployment of Distributed Network Intrusion ... $OpenBSD: Makefilev1.201 2004/02/29 18:02:14 deraadt Exp $ ...



Content Inside:

Using OpenBSD and Snort to build ready to roll Network Intrusion Detection System Sensor

Page 1
Using OpenBSD and Snort to build ready to roll Network Intrusion Detection System Sensor
USENIX'04 / UseBSD
Tuesday June 29 2004
http://www.mycert.org.my/sensor/

Page 2
About Speaker
Kamal Hilmi Othman, khilmi@niser.org.my
Mohammad Rizal Othman, rizal@jaring.my

Page 3
Agenda
- Overview of OpenBSD and Snort
- Deployment of Distributed Network Intrusion Detection System
- Building OpenBSD and Snort for Network Intrusion Detection System Sensor (x86)
- Wrap up (Ready To Roll)

Page 4
Problem Statement
- We need to install / deploy multiple Network Intrusion Detection System (NIDS) sensor within our network.
- Basically the sensor is scattered around and need that fast!
- We need to deploy for partner (case to case basis)

Page 5
Motivation

Page 6
OpenBSD
- BSD code base maturity.
- Secure By Default.
- Support for Internet infrastructure.
- Easy distribution sets.
- http://www.openbsd.org

Page 7
Snort
- Most notably Network Intrusion Detection System.
- Community signature support.
- Portable and configurable.
- http://www.snort.org

Page 8
NIDS Sensor
- As an agent, it analyzes network packets in real time and compares them against a database of known 'attack signatures' or patterns.
- It will push the data into remote database.

Page 9
Distributed NIDS Generic Concept
[Diagram: sensors 1 to n, console]

Page 10
Typical Installation
1. Install OpenBSD.
2. Tweak a kernel for performance tuning.
3. Install required third party software: MySQL client and PCRE.
4. Compile Snort with MySQL support and Snort related stuff: Barnyard, Stunnel, signature, user and group.
5. Take out unnecessary stuff.
6. Putting in house scripts.
7. Host hardening process.

Page 11
Problem
- Time consume.
- Geographical boundary?
- Imagine when you need to roll 8 sensor?

Page 12
Our approach
- Build one, install many.
- Installation process will cover all.
- Ideal sensor:
  - Performance
  - Minimal OS
  - No unneeded component
- Easy distribution, just iso / cdrom.

Page 13
Building A Release
1. Install OpenBSD, extract sys.tar.gz into ...

Source: www.openbsdsupport.org


