Snort Network Monitoring System (slide 1)
Snort Force One: Nicholas Novello, Shayne Gradwell, Nikolas Todd

Agenda (slide 2)
  ▪ Introduction
  ▪ Project Background: What is Snort? Proxmox. Scripts.
  ▪ Budget
  ▪ Challenges
  ▪ Lessons Learned
  ▪ Accomplishments
  ▪ Conclusion
  ▪ Acknowledgements
  ▪ References
  ▪ Questions

Project Background: What is Snort? (slide 3)
Snort provides real-time monitoring for suspicious network traffic, so that packets from potential attacks, or packets matching rules, can be logged, alerted on, or dropped.
How does Snort work? It has three main operation modes:
  ▪ Sniffer
  ▪ Packet logger
  ▪ NIDS (Network Intrusion Detection System)

Project Background: Proxmox (slide 4)
What is the Proxmox hypervisor?
  ▪ Virtualization software
  ▪ Debian based
  ▪ Creates virtual containers or virtual machines through a web interface

Project Background: Scripts (slide 5)
The scripts set a baseline for comparison. They display the number of packets seen for every protocol captured, which is essential for statistical analysis: monitoring trends over time and detecting potential variances from the baseline.
December 22, 2021
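As an added illustration of the baseline idea on this slide (the project's own metrics script was written in Perl and is not reproduced on the page; the Python below is not that script), the following example parses Snort fast-format alert lines, which is the one-alert-per-line output Snort writes in NIDS mode with `-A fast`, counts alerts per protocol, and compares the counts of the current window against a stored baseline, flagging any protocol whose relative change exceeds a threshold. The sample alert lines (documentation address ranges, made-up rule SIDs), the baseline counts and the 50% threshold are all constructed assumptions.

```python
"""Protocol baseline check over Snort fast-format alerts.

Added example, not the project's Perl script. Parses alert lines, counts
alerts per protocol, and compares a current window with a stored baseline.
"""
import re
from collections import Counter
from typing import Dict, Iterable, Optional

# Snort "fast" alert line layout (one alert per line):
#   <timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} src -> dst
# The Classification field can be absent in real output, so it is optional here.
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>[A-Za-z0-9-]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample alerts (RFC 5737 addresses, made-up SIDs in the local range).
# The last line is deliberately not an alert and must be skipped by the parser.
SAMPLE_ALERTS = """\
12/22-10:15:32.100000  [**] [1:1000001:1] CONSTRUCTED TCP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:54321 -> 198.51.100.5:80
12/22-10:15:33.200000  [**] [1:1000002:1] CONSTRUCTED UDP DNS query [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.10:53001 -> 198.51.100.53:53
12/22-10:15:34.300000  [**] [1:1000003:1] CONSTRUCTED ICMP ping [**] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
12/22-10:15:35.400000  [**] [1:1000001:1] CONSTRUCTED TCP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.11:54322 -> 198.51.100.5:22
this line is not an alert and is skipped
"""

# Constructed baseline: alerts per protocol recorded in an earlier window.
BASELINE: Dict[str, int] = {"TCP": 2, "UDP": 4, "ICMP": 1}


def parse_alert(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one fast-format alert, or None for a non-alert line."""
    m = FAST_ALERT.match(line.strip())
    return m.groupdict() if m else None


def protocol_counts(lines: Iterable[str]) -> Counter:
    """Count alerts per protocol, silently skipping lines that do not parse."""
    counts: Counter = Counter()
    for line in lines:
        fields = parse_alert(line)
        if fields:
            counts[fields["proto"].upper()] += 1
    return counts


def compare_to_baseline(baseline: Dict[str, int], current: Dict[str, int],
                        threshold: float = 0.5) -> Dict[str, Dict[str, object]]:
    """Relative change per protocol against the baseline.

    A protocol is flagged when |change| exceeds the threshold. A protocol absent
    from the baseline counts as a 100% increase if it appears at all, so new
    traffic types are always surfaced rather than divided by zero.
    """
    report: Dict[str, Dict[str, object]] = {}
    for proto in sorted(set(baseline) | set(current)):
        b = baseline.get(proto, 0)
        c = current.get(proto, 0)
        change = (c - b) / b if b else (1.0 if c else 0.0)
        report[proto] = {
            "baseline": b,
            "current": c,
            "change": round(change, 3),
            "flagged": abs(change) > threshold,
        }
    return report


if __name__ == "__main__":
    # Run from cron against the current alert file to reproduce the
    # automated, periodic metrics logging the project describes.
    current = protocol_counts(SAMPLE_ALERTS.splitlines())
    for proto, row in compare_to_baseline(BASELINE, current).items():
        mark = "VARIANCE" if row["flagged"] else "ok"
        print(f"{proto:6} baseline={row['baseline']:4} current={row['current']:4} "
              f"change={row['change']:+.2f} {mark}")
```

The relative-change rule is deliberately simple: with the constructed baseline the UDP count falling from 4 to 1 (a 75% drop) is flagged while TCP and ICMP are unchanged. On a real sensor the baseline would be the counts written by a previous run rather than a constant, and the threshold tuned to the network's normal day-to-day swing.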

Budget (slide 6)

Item                  Hours   Rate   Cost
Shayne Gradwell       79.1    $75    $5,932.50
Nikolas Todd          76.5    $75    $5,737.50
Nicholas Novello      83.4    $75    $6,255.00

Item                    Initial Budget   Actual Budget
Hardware                $3,040.65        $3,319.89
Operating Costs/Wages   $16,650.00       $17,925.00
Total                   $19,690.65       $21,244.89
Variance                                 $1,554.24

Challenges (slide 7)
  ▪ Time management
  ▪ Hardware issues
  ▪ Configuration issues: virtualized environment, Snort logging/NIDS flags, networking

Lessons Learned (slide 8)
  ▪ Time management is key.
  ▪ Good information can be hard to find.
  ▪ Journaling is important, both for creating an accurate manual and for budgeting.
  ▪ Things are not as easy as you might expect them to be, so plan accordingly.

Accomplishments (slide 9)
  ▪ Secured virtualized environment (Proxmox)
  ▪ Packet logging: Snort box (CentOS container)
  ▪ Perl script to log metrics (automated)
  ▪ Developed adept problem-solving skills
  ▪ Strengthened our friendship over the past 13 weeks

Conclusion (slide 10)
As a team we hope to utilize and apply all that we have learned these past few months to our careers and projects in the future. We have thoroughly enjoyed the challenge and the experience, and we look forward to careers in the IT industry.

Acknowledgments & References (slide 11)
We would like to thank: Timothy Williams, Colin Chamberlain, Dylan Saunders, Jason Fisher
Images are all public domain, obtained from http://pixabay.com/ and http://compfight.com/


Questions (slide 13)