Snort IDS: Implementation and Analysis

Added on  2020/04/13

This assignment delves into the implementation and analysis of Snort, a widely used open-source intrusion detection system (IDS). It covers Snort's advantages over alternatives like Tcpdump, its protocol rule configurations for ICMP and TCP, real-time alert generation through examples, and a comparative discussion between IDS and Intrusion Prevention Systems (IPS). The assignment analyzes the pros and cons of both IDS and IPS, highlighting their benefits and limitations in network security.

BEST CHOICE FOR CLIENT IS SNORT SYSTEM
Justification for choosing Snort as IDS
Snort is a lightweight IDS that can be easily deployed on a network with minimal disruption to
operations. Snort supports various operating systems such as Linux, UNIX and Windows. Snort
has a packet payload detection capability that Tcpdump does not have, and its decoded display
output is more user-friendly than Tcpdump's. Snort supports a MySQL database, so all events
can be stored in a database, which allows a user to search, view and profile the events at any
time. Snort is also open source, backed by Cisco and the community, so it has large community
support.
After installation the Snort rule count is 0
List of Snort decoder preprocessor engines
ICMP and TCP Snort protocol rules
ICMP and TCP Snort protocol rules added

Running Snort with real-time console alerts
An ICMP rule was added, so pinging from another computer in the network makes Snort
generate a positive alert of intrusion in the network. The IP of the client that is pinging is
shown as 192.168.43.47
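As an added example (not part of the assignment or of Snort's own code), the two rules below are written in Snort's rule language in the spirit of the ICMP and TCP rules added above, and a small Python matcher shows why the ping from 192.168.43.47 raises an alert: it parses each rule's header and options, expands $HOME_NET (assumed here to be 192.168.43.0/24) and emits a console-style alert line. The rule text, the HOME_NET value and the packets are constructed for illustration.

```python
import ipaddress
import re

# Constructed example rules in Snort's rule language (assumed wording, not the
# assignment's exact rules): one for ICMP echo (ping), one for TCP to port 22.
RULES = """
alert icmp any any -> $HOME_NET any (msg:"ICMP ping detected"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"TCP SSH connection attempt"; sid:1000002; rev:1;)
"""
HOME_NET = "192.168.43.0/24"   # assumption: the lab's protected network

# Rule header: action proto src sport -> dst dport (options)
HEADER = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")

def parse_rules(text):
    """Parse rule lines into dicts holding the header fields plus msg and sid."""
    rules = []
    for line in text.strip().splitlines():
        m = HEADER.match(line.strip())
        if not m:
            raise ValueError("unparseable rule: " + line)
        r = m.groupdict()
        opts = dict(re.findall(r'(\w+):\s*"?([^";]*)"?;', r.pop("opts")))
        r["msg"], r["sid"] = opts.get("msg", ""), int(opts.get("sid", 0))
        rules.append(r)
    return rules

def addr_match(spec, ip):
    """'any' matches everything; $HOME_NET is expanded to the configured CIDR."""
    if spec == "any":
        return True
    if spec == "$HOME_NET":
        spec = HOME_NET
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_match(spec, port):
    return spec == "any" or int(spec) == port

def match_packet(rules, pkt):
    """Return a Snort-console-style alert line for every rule the packet triggers."""
    alerts = []
    for r in rules:
        if (r["proto"] == pkt["proto"] and addr_match(r["src"], pkt["src"])
                and port_match(r["sport"], pkt.get("sport", 0))
                and addr_match(r["dst"], pkt["dst"])
                and port_match(r["dport"], pkt.get("dport", 0))):
            alerts.append(f'[**] [1:{r["sid"]}:1] {r["msg"]} [**] {pkt["src"]} -> {pkt["dst"]}')
    return alerts
```

A ping from 192.168.43.47 to a host inside HOME_NET triggers sid 1000001, while the same host's outbound ping to an address outside HOME_NET triggers nothing, which is the direction check real Snort applies through the rule header.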
Intrusion detection program vs an intrusion prevention system
According to Snort -- The poor man's intrusion-detection system (2017), an IPS is similar to an IDS
except that an IPS is able to block threats. An IPS monitors, logs and reports activities similarly to
an IDS, but it is also capable of stopping potential threats without a system administrator.
According to The Pros & Cons of Intrusion Detection Systems (2017), both an intrusion detection
program and an intrusion prevention system are important to any organization, offering the
following benefits:
Detecting intrusions in real time.
Ability to analyze large amounts of data.
Automated actions and responses, such as blocking potential threats (IPS) and alerting the
administrator of any intrusion (IDS).
Real-time reporting capabilities.
Network rules and policies can be derived from the data analysis.
Pros for Intrusion detection program
IDS can detect internal and external attacks.
IDS can be scaled easily to cover entire networks.
It offers centralized management for correlating attacks.
Tracking of virus propagation in the network.
Keeps data for forensic analysis.
Cons for Intrusion detection program
Generates a lot of data to be analyzed.
It cannot analyze encrypted messages.
It only reacts to attacks by sending alerts and cannot prevent the attack from taking place.
Generates false alarms and false negatives in intrusion detection.
It requires full-time monitoring and skilled personnel to interpret the data.
Expensive to implement over a complex network.
Pros for Intrusion prevention system
Reacts to potential threats and prevents attacks.
Provides defense in depth in the network.
Real-time event analysis.
Does not require administrative personnel, since it makes decisions based on the rules
provided.
Cons for Intrusion prevention system
If an IPS is not tuned correctly, it can also deny legitimate traffic, causing denial of
resources to an application.
Creates a network bottleneck, since all traffic must pass through the IPS in order to
be analyzed.
Generates false positive alarms, which can lead to problems if automated system responses
are enabled.
Expensive to implement in an organization with a complex network design.
References
Snort -- The poor man's intrusion-detection system. (2017). SearchSecurity. Retrieved 15 November
2017, from http://searchsecurity.techtarget.com/tip/Snort-The-poor-mans-intrusion-detection-system
The Pros & Cons of Intrusion Detection Systems. (2017). Komand. Retrieved 15 November 2017, from
https://komunity.komand.com/learn/featured/the-pros-cons-of-intrusion-detection-systems/
Top Free Network-Based Intrusion Detection Systems (IDS) for the Enterprise. (2017). Upguard.com.
Retrieved 15 November 2017, from https://www.upguard.com/articles/top-free-network-based-intrusion-detection-systems-ids-for-the-enterprise
Understanding Intrusion Detection | Part I - Intrusion Detection: Primer. (2017). Flylib.com. Retrieved 15
November 2017, from http://flylib.com/books/en/2.352.1/understanding_intrusion_detection.html
Write Your Own Snort Rules. (2017). Archive.oreilly.com. Retrieved 15 November 2017, from
http://archive.oreilly.com/pub/h/1393
Snort.datanerds.net. (2017). Retrieved 15 November 2017, from http://snort.datanerds.net/lisapaper.txt