Demonstration of Computer Security Tools
Added on 2023-06-12
13 Pages3048 Words206 Views
Running head: IT SECURITY MANAGEMENT
Demonstration of Computer Security Tools
Name of the student
Name of the University
Author’s Note
Demonstration of Computer Security Tools
Name of the student
Name of the University
Author’s Note
1
IT SECURITY MANAGEMENT
Table of Contents
Introduction...........................................................................................................................................2
Install/ Deploy of snort..........................................................................................................................2
Researching on security vulnerabilities of an application......................................................................4
2 Penetration techniques......................................................................................................................5
Conclusion.............................................................................................................................................6
References.............................................................................................................................................7
IT SECURITY MANAGEMENT
Table of Contents
Introduction...........................................................................................................................................2
Install/ Deploy of snort..........................................................................................................................2
Researching on security vulnerabilities of an application......................................................................4
2 Penetration techniques......................................................................................................................5
Conclusion.............................................................................................................................................6
References.............................................................................................................................................7
2
IT SECURITY MANAGEMENT
Introduction
The report is prepared for the discussion of the penetration techniques that can be used for
detection of the vulnerability of a system and secure the network from outside breaches. There are
different network penetration tools and that can be used for getting the access of the core network
devices and among them Snort is chosen for intrusion detection. Snot is a popular open source tool
that can be used for detection of the overlapping fragments and currently used in the assignment for
penetration testing of a network.
Install/ Deploy of snort
For the installation or deployment of snort three files are required to be downloaded that is
the WinPcap fr capturing the data packets, snort installer and the set of snort rules. The snort rules
package should be extracted after installation of the snort and the winpcap .exe files. A subfolder
should be created during the extraction of the snort rules file under the c:\Snort directory. The
contents of the rules folder should be extracted in the folder C:\Snort\rules and the contents of the
preproc_rules should be extracted to the Snort:\preproc_rules directory. The rest of the folders
should be ignored because they are created by sourcefire for Linux and windows does not support
those files.
After the completion of the installation of the components the repose of the program can be
checked using the following commands in the command prompt.
For changing the directory to snot program the following command is used:
C:\>cd \Snort\bin
The installed version of Snort can be checked using the command C: \Snort\bin>snort –V
The command C: \Snort\bin>snort –w is used for checking the details of the network
adapters connected with the system and configure the snort to listen to the particular adapter when
it runs.
IT SECURITY MANAGEMENT
Introduction
The report is prepared for the discussion of the penetration techniques that can be used for
detection of the vulnerability of a system and secure the network from outside breaches. There are
different network penetration tools and that can be used for getting the access of the core network
devices and among them Snort is chosen for intrusion detection. Snot is a popular open source tool
that can be used for detection of the overlapping fragments and currently used in the assignment for
penetration testing of a network.
Install/ Deploy of snort
For the installation or deployment of snort three files are required to be downloaded that is
the WinPcap fr capturing the data packets, snort installer and the set of snort rules. The snort rules
package should be extracted after installation of the snort and the winpcap .exe files. A subfolder
should be created during the extraction of the snort rules file under the c:\Snort directory. The
contents of the rules folder should be extracted in the folder C:\Snort\rules and the contents of the
preproc_rules should be extracted to the Snort:\preproc_rules directory. The rest of the folders
should be ignored because they are created by sourcefire for Linux and windows does not support
those files.
After the completion of the installation of the components the repose of the program can be
checked using the following commands in the command prompt.
For changing the directory to snot program the following command is used:
C:\>cd \Snort\bin
The installed version of Snort can be checked using the command C: \Snort\bin>snort –V
The command C: \Snort\bin>snort –w is used for checking the details of the network
adapters connected with the system and configure the snort to listen to the particular adapter when
it runs.
3
IT SECURITY MANAGEMENT
By default there are two adapters in a typical windows system and this number may increase
on installation of different applications such as VMWare, Virtual Box. The number of interface that
would be used for listening or capturing packets can be selected using the option –i. The snort config
file is required to be edited and it should be matched with the local environment. Simple text editor
such as Notepad ++ can be used for editing thee snort.conf file.
The following steps are performed for the customizing the snort.conf file:
Step 1: The declaration of Home_Net should be changed to the Ip address of the home
network from default “any”. A CIDR format is used for inputting the IP address.
Step 2: The declaration of the External_Net should be change to !$HOME_NET which means
that the IP address of the external network can be any that is not a part of the home network IP
address.
Step 3: The servers should be configured with the Home_Net and the list of the web server
ports can be reduces by declaring HTTP_PORTS.
Step 4: The rule path should be changed for matching the actual location and the rules are
stored in the directory c:\Snort\rules.
Step 5: In a similar way the preproc rule path should also be changed for matching the
appropriate location in the directory using the command c:\Snort\preproc_rules.
IT SECURITY MANAGEMENT
By default there are two adapters in a typical windows system and this number may increase
on installation of different applications such as VMWare, Virtual Box. The number of interface that
would be used for listening or capturing packets can be selected using the option –i. The snort config
file is required to be edited and it should be matched with the local environment. Simple text editor
such as Notepad ++ can be used for editing thee snort.conf file.
The following steps are performed for the customizing the snort.conf file:
Step 1: The declaration of Home_Net should be changed to the Ip address of the home
network from default “any”. A CIDR format is used for inputting the IP address.
Step 2: The declaration of the External_Net should be change to !$HOME_NET which means
that the IP address of the external network can be any that is not a part of the home network IP
address.
Step 3: The servers should be configured with the Home_Net and the list of the web server
ports can be reduces by declaring HTTP_PORTS.
Step 4: The rule path should be changed for matching the actual location and the rules are
stored in the directory c:\Snort\rules.
Step 5: In a similar way the preproc rule path should also be changed for matching the
appropriate location in the directory using the command c:\Snort\preproc_rules.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Research Methods for Hardening PFSenselg...
|8
|528
|324
Research Methods for Hardening PFSenselg...
|8
|522
|177
Networking and Securitylg...
|4
|801
|57
Firewallslg...
|17
|1394
|368
Troubleshooting Documentlg...
|5
|824
|69