Intrusion Detection Lectures

A quick course on detecting network threats using tcpdump and Snort

Technologies: #Linux #TCP/IP #tcpdump #Snort

Big thanks to Charles Berlin for the O RLY book cover generator!

Network Traffic Analysis Using tcpdump

Problem description:

• Many IDS systems do not show packets or allow to do a session reconstruction
• We are at the mercy of IDS to correctly interpret the traffic
• Are we supposed to take the IDS’s word that it was a legitimate attack?
• Sometimes the IDS is just plain wrong.

Lecture slides:

• Lecture 1 - Introduction
• Lecture 2 - Writing tcpdump Filters
• Lecture 3 - Examination of Datagram Fields
• Lecture 4 - Beginning Analysis
• Lecture 5 - Application Protocols and Detection

Intrusion Detection With Snort

Problem description:

• How to analyse network traffic in real time for conditions that will generate alerts and log the offending packets?
• How can we use custom configuration files containing runtime directives and rules?
• How to protect your network from zero day attacks unknown to your security team?

Lecture slides:

• Lecture 1 - Introduction
• Lecture 2 - Modes of Snort
• Lecture 3 - Writing Snort Rules
• Lecture 4 - Configuration and Tuning
• Lecture 5 - Sensor Deployment
• Lecture 6 - Output Analysis and Reporting
• Lecture 7 - Snort Front Ends and Advanced Topics

.