IDS System Snort & Bro IDS - IT Assignment Sample | Assignment Essay

Information Technology Assignment Sample on ‘A Report on Two IDS System Snort & Bro IDS’


You can download the sample Information Technology essay on ‘A Report on Two IDS System Snort & Bro IDS’, together with the question it answers, for free at the end of this page. For further assistance with Information Technology assignments, please check our offerings in Information Technology assignment solutions. Our subject-matter experts provide online assignment help to Information Technology students from across the world and deliver plagiarism-free solutions with a free Turnitin report for every solution.

(AssignmentEssayHelp does not recommend anyone to use this sample as their own work.)

Information Technology Assignment Question

Research the Snort and Bro IDS systems. These two IDS systems work in different ways. Research how they both work, and use examples to demonstrate your understanding. Research, design and implement a professional, thorough testing process for the two IDS systems, using best-practice methodologies and tools.

Critically analyse the results of the testing, compare results and suggest improvements in the methodologies used, and suggest improvements to the IDS systems. Make a recommendation as to which, if any (or both) systems you would choose.

Information Technology Assignment Solution on A Report on Two IDS System Snort & Bro IDS

ABSTRACT

As the world has globalized, so have trade, commerce and communication. This is possible because of modern-day technology, which is removing the barriers of national boundaries but at the same time has repercussions and a downside. Today, companies deal with more real-time threats and vulnerabilities than in the past. There is always the risk of a breach of perimeter security, and companies often end up in legal battles with huge monetary losses as well as reputational losses. Since companies hold customer details that fall under the category of Personally Identifiable Information (PII), along with financial details such as the credit and debit card details of their clients, storing this information with full regard for its isolation, non-disclosure and privacy is a great challenge. Major laws and standards that address information security include ISO 27001, the Data Protection Act, PIPEDA, HIPAA, Sarbanes-Oxley, PCI-DSS and the Australian Privacy Act 1988, among others. Thus, there is an absolute need for companies to build a safe and secure network environment for all their business needs, and to review, control and monitor all their network traffic regularly to avert any possible threat, vulnerability or attack…

Read more in the complete solution PDF document at the end of this page.

ABOUT BRO IDS

Bro is a Unix-based Network Intrusion Detection System (NIDS) that uses an open-source platform for monitoring network traffic. The tool works passively, looking for suspicious activity and vulnerabilities. Bro detects intrusions through a two-step approach; when something is detected, a log entry is generated, a real-time alert is raised, or an operating system command is executed. It first parses the network traffic to extract its application-level semantics, as defined by signatures, and then executes event-oriented analyzers that compare the activity with patterns deemed troublesome.

Bro can be differentiated from Snort in that Snort is a signature-based IDS which relies on the availability of good signatures to detect intrusions, while Bro scripts look for anomalies and can be written to understand the application semantics…
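To make the two-step design and the signature-versus-script contrast concrete, the following is an added example written for this page; it is not code from the report, from Bro or from Snort. A small "protocol analyzer" turns constructed HTTP messages into application-level events (step one), and a "policy script" consumes those events while keeping state across them (step two). Beside it runs a stateless signature that matches a single request. The signature fires on every request whose URI mentions an admin path; the script instead notices when one client collects three HTTP 401 replies within a window, something no single packet shows. The traffic, the threshold (3) and the window (60 s) are all constructed for the demonstration.

```python
"""Toy model of Bro's two-step design beside a Snort-style signature check.

Added example, not code from the report or from either project. Step 1 (the
"protocol analyzer") turns raw HTTP messages into application-level events;
step 2 (the "policy script") consumes them. A signature judges one event at a
time; the script keeps state across events and can therefore notice behaviour
that no single packet reveals. All traffic below is constructed.
"""
import re
from collections import defaultdict

# Constructed traffic: (timestamp, client address, raw HTTP message). The
# client address identifies the connection originator for both directions.
SAMPLE_TRAFFIC = [
    (1.0, "10.0.0.5", "GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (1.1, "10.0.0.5", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    (2.0, "10.0.0.9", "GET /admin/login HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (2.1, "10.0.0.9", "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"),
    (3.0, "10.0.0.9", "POST /admin/login HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (3.1, "10.0.0.9", "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"),
    (4.0, "10.0.0.9", "POST /admin/login HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (4.1, "10.0.0.9", "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"),
    (5.0, "10.0.0.5", "GET /admin/login HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (5.1, "10.0.0.5", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    (900.0, "10.0.0.9", "POST /admin/login HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (900.1, "10.0.0.9", "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"),
]

REQUEST_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/1\.[01]\r\n")
REPLY_RE = re.compile(r"^HTTP/1\.[01] (?P<code>\d{3})")

def analyze(ts, client, raw):
    """Step 1: protocol analysis. Returns a list of (event_name, fields)."""
    m = REQUEST_RE.match(raw)
    if m:
        return [("http_request", {"ts": ts, "orig_h": client,
                                  "method": m["method"], "uri": m["uri"]})]
    m = REPLY_RE.match(raw)
    if m:
        return [("http_reply", {"ts": ts, "orig_h": client, "code": int(m["code"])})]
    return []  # not HTTP, or malformed: no event is raised

# Snort-style signature: a stateless content match on a single request.
ADMIN_URI_SIG = re.compile(r"/admin/", re.IGNORECASE)

class PolicyScript:
    """Step 2: stateful event handlers, in the spirit of a Bro policy script.

    Raises a notice when one client collects THRESHOLD HTTP 401 replies within
    WINDOW seconds. Both values are illustrative choices for this example.
    """
    THRESHOLD = 3
    WINDOW = 60.0

    def __init__(self):
        self.failures = defaultdict(list)   # orig_h -> timestamps of 401 replies
        self.notices = []

    def http_reply(self, ev):
        if ev["code"] != 401:
            return
        host = ev["orig_h"]
        # keep only failures still inside the window, then add this one
        recent = [t for t in self.failures[host] if ev["ts"] - t <= self.WINDOW]
        recent.append(ev["ts"])
        if len(recent) >= self.THRESHOLD:
            self.notices.append(
                f"Repeated_Auth_Failures: {host} received {len(recent)} x 401 "
                f"within {self.WINDOW:.0f}s (t={ev['ts']})")
            recent = []  # reset so one burst produces one notice
        self.failures[host] = recent

def run(traffic):
    """Feed traffic through both detectors; return (signature_alerts, script_notices)."""
    script = PolicyScript()
    sig_alerts = []
    for ts, client, raw in traffic:
        for name, ev in analyze(ts, client, raw):
            if name == "http_request" and ADMIN_URI_SIG.search(ev["uri"]):
                sig_alerts.append(f"SIG admin-uri: {ev['orig_h']} {ev['method']} {ev['uri']}")
            handler = getattr(script, name, None)  # dispatch the event to its handler
            if handler is not None:
                handler(ev)
    return sig_alerts, script.notices

if __name__ == "__main__":
    alerts, notices = run(SAMPLE_TRAFFIC)
    print("\n".join(alerts))
    print("\n".join(notices))
```

On the constructed traffic the signature fires five times (once per admin request, including the legitimate one from 10.0.0.5), while the script raises a single notice for 10.0.0.9 and stays quiet about the lone 401 at t=900, which falls outside the window. That is the difference the report points at: the signature reports what a packet contains, the script reports what a host is doing.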

VULNERABILITY TESTING USING BRO IDS

Bro IDS can be tested by creating a test environment using virtual machines with multiple operating systems up and running. The packets are captured using the packet analyzer and sniffer tool Wireshark, with WebGoat running as a guest, and analysis is performed using Bro IDS.

The Linux host with a virtual router runs on the virtualization software VirtualBox. WebGoat is a VirtualBox guest, while Wireshark runs on the Linux host and the attacker system is on a separate station; the packets sent pass through the network interface on the Linux host, where they are captured by Wireshark. (Manuel Humber 2012)


Security Onion: Searching DNS Traffic using Bro IDS and ELSA

Security Onion is an open-source, UNIX-based (Ubuntu) operating system. On it, Bro and ELSA can be configured to see every DNS request in your network and analyze them quickly and easily.

Design and Working of Bro IDS

The Security Onion setup installs Bro to monitor Ethernet 1. This virtual machine has two interfaces: eth0 is the management interface and eth1 is the sniffing interface. Bro monitors the traffic on eth1 and produces its remarkably detailed logs, including the conn, ftp, http and IRC logs.

Important: this virtual machine is not connected to a live network; instead, traffic is simulated by using tcpreplay to replay some of the PCAPs built into Security Onion. Soon after the setup is complete, we go to the terminal, use tcpreplay to create the traffic, and then look at the logs being created from that traffic. Then we go to the ELSA web interface and see how to use it to take millions of logs for quick analysis…
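The logs that the replayed traffic produces are what ELSA indexes, and the value of the exercise is being able to ask "which hosts asked for which names, and which lookups failed". As an added example for this page (not code from the report, from Bro, from Security Onion or from ELSA), the following parses a Bro-style dns.log and answers those questions on a small constructed log. The header layout follows Bro's ASCII log format (`#fields` and `#types` lines, `-` for an unset field, `(empty)` for an empty set, `,` as the set separator); the field list is shortened and every record, address and uid is constructed.

```python
"""Parse Bro's tab-separated dns.log and summarize the queries in it.

Added example, not code from the report or from Bro/Security Onion/ELSA. It
shows the kind of question ELSA answers at scale ("which hosts asked for what,
and what failed") on a small constructed log. The header layout follows Bro's
ASCII log format (#fields/#types lines, "-" for unset, "(empty)" for an empty
set); the field list is shortened and all records are constructed.
"""
from collections import Counter

SAMPLE_DNS_LOG = (  # constructed log; "\\x09" below is the literal text Bro writes
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tdns\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\trcode_name\tanswers\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tstring\tvector[string]\n"
    "1349900000.123456\tCa1Ab2Cd3\t192.168.1.10\t52301\t192.168.1.1\t53\tudp\twww.example.com\tA\tNOERROR\t93.184.216.34\n"
    "1349900001.223456\tCe4Fg5Hi6\t192.168.1.10\t52302\t192.168.1.1\t53\tudp\twww.example.com\tA\tNOERROR\t93.184.216.34\n"
    "1349900002.323456\tCj7Kl8Mn9\t192.168.1.22\t41002\t192.168.1.1\t53\tudp\tmail.example.com\tMX\tNOERROR\tmx1.example.com,mx2.example.com\n"
    "1349900003.423456\tCo0Pq1Rs2\t192.168.1.22\t41003\t192.168.1.1\t53\tudp\tdoesnotexist.example.net\tA\tNXDOMAIN\t-\n"
    "1349900004.523456\tCt3Uv4Wx5\t192.168.1.22\t41004\t192.168.1.1\t53\tudp\talsomissing.example.net\tA\tNXDOMAIN\t-\n"
    "1349900005.623456\tCy6Za7Bb8\t192.168.1.10\t52303\t192.168.1.1\t53\tudp\twww.example.com\tAAAA\tNOERROR\t(empty)\n"
    "#close\t2012-10-10-20-00-00\n"
)

def _convert(raw, typ, unset, empty, set_sep):
    """Turn one column into a Python value according to its #types entry."""
    if raw == unset:
        return None
    if typ.startswith(("vector[", "set[")):
        return [] if raw == empty else raw.split(set_sep)
    if typ in ("count", "int", "port"):
        return int(raw)
    if typ in ("time", "interval", "double"):
        return float(raw)
    return raw  # string, addr, enum and bool are kept as text

def parse_bro_log(text):
    """Return one dict per record, keyed by the names on the #fields line."""
    meta = {"unset_field": "-", "empty_field": "(empty)", "set_separator": ","}
    fields = types = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):  # header/footer directives
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "types":
                types = value.split("\t")
            elif key in meta:
                meta[key] = value
            continue
        if fields is None or types is None:
            raise ValueError("data row before #fields/#types header")
        cols = line.split("\t")
        if len(cols) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(cols)}")
        records.append({
            name: _convert(raw, typ, meta["unset_field"], meta["empty_field"], meta["set_separator"])
            for name, typ, raw in zip(fields, types, cols)
        })
    return records

def summarize(records):
    """The questions an analyst asks of dns.log: who asked for what, and what failed."""
    queries = Counter(r["query"] for r in records if r["query"])
    nxdomain_by_host = Counter(r["id.orig_h"] for r in records if r["rcode_name"] == "NXDOMAIN")
    longest = max((r["query"] or "" for r in records), key=len)
    return {
        "top_queries": queries.most_common(3),
        "nxdomain_by_host": dict(nxdomain_by_host),
        "longest_query": longest,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_bro_log(SAMPLE_DNS_LOG)).items():
        print(f"{key}: {value}")
```

Reading the `#fields` and `#types` lines rather than hard-coding column positions is the important design choice: Bro log layouts differ between versions and between sites that add fields, and the typed header lets the same parser handle conn.log, http.log and the other logs the report lists.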


ABOUT SNORT

Snort, created by Martin Roesch in 1998, is a very popular network intrusion detection and prevention system. It is an open-source utility with the ability to perform real-time traffic analysis and packet logging for attacks such as operating system fingerprinting, server message block probes, buffer overflows, common gateway interface attacks and stealth port scans. It performs protocol analysis and content searching and matching on Internet Protocol (IP) networks. (IT-Professional 2013) …

COMPONENTS AND WORKING OF SNORT

Snort is logically divided into multiple components that work together to detect particular attacks and to generate output from the detection system in the required format. The major components of this IDS are:

  1. Packet Decoder: The packet decoder prepares the packets taken from different types of network interfaces for preprocessing and for the detection engine.
  2. Preprocessors or Input Plug-ins: Preprocessors are components or plug-ins used with Snort to arrange or modify data packets before the detection engine operates on them to find out whether the packet is being used by an intruder. They are also used to normalize protocol headers, detect anomalies, and perform packet reassembly and TCP stream reassembly.
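The order of these components matters: rules are applied only after the preprocessors have normalized the packet. The following is an added example for this page, a toy of Snort's chain (decoder, preprocessor, detection engine, output) in Python; it is not Snort code and not from the report. The preprocessor stage does what an HTTP normalizer does in spirit, decoding percent-encoding and collapsing `//`, `/./` and `x/../` path segments, so a URI the decoder hands over as `/scripts/%63%6d%64.exe` reaches the detection engine as `/scripts/cmd.exe`. Running the chain with the preprocessor switched off shows which packets the same rule would then miss. The packets, addresses, rule texts and sids are constructed; the rule keys only mimic Snort's `msg`, `sid` and `content` keywords.

```python
"""A toy of Snort's processing chain: decoder -> preprocessor -> detection -> output.

Added example, not Snort code and not from the report. Rules see packets only
after the preprocessors have normalized them, so a URI the decoder hands over
as "/scripts/%63%6d%64.exe" reaches the detection engine as "/scripts/cmd.exe".
Packets, rules and addresses below are constructed; the rule options mimic
Snort's "msg"/"sid"/"content" keywords in spirit only.
"""
import posixpath
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

@dataclass
class Packet:            # what the capture interface hands to the decoder
    src: str
    dst: str
    dport: int
    payload: bytes

@dataclass
class Decoded:           # what the packet decoder produces for the later stages
    src: str
    dst: str
    dport: int
    method: Optional[str]
    uri: Optional[str]

def packet_decoder(pkt: Packet) -> Decoded:
    """Stage 1: lay out protocol fields; here, the HTTP request line on port 80."""
    line = pkt.payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if pkt.dport == 80 and len(parts) == 3 and parts[2].startswith("HTTP/"):
        return Decoded(pkt.src, pkt.dst, pkt.dport, parts[0], parts[1])
    return Decoded(pkt.src, pkt.dst, pkt.dport, None, None)

def http_inspect(dec: Decoded) -> Decoded:
    """Stage 2: normalize the URI so rules match its meaning, not its spelling.

    Percent-encoding is decoded and "//", "/./" and "x/../" segments are
    collapsed; the query string is left untouched.
    """
    if dec.uri is None:
        return dec
    path, sep, query = dec.uri.partition("?")
    path = posixpath.normpath(unquote(path))
    return Decoded(dec.src, dec.dst, dec.dport, dec.method, path + sep + query)

RULES = [   # constructed rules; sids and messages are placeholders
    {"sid": 1001, "msg": "WEB-IIS cmd.exe access", "content": "/scripts/cmd.exe"},
    {"sid": 1002, "msg": "WEB-MISC /etc/passwd access", "content": "/etc/passwd"},
]

def detection_engine(dec: Decoded) -> List[dict]:
    """Stage 3: apply every rule as a case-insensitive content match on the URI."""
    if dec.uri is None:
        return []
    uri = dec.uri.lower()
    return [{"rule": r, "pkt": dec} for r in RULES if r["content"].lower() in uri]

def output_plugin(alert: dict) -> str:
    """Stage 4: format the alert the way an output module would."""
    r, d = alert["rule"], alert["pkt"]
    return f"[1:{r['sid']}] {r['msg']} {{{d.src} -> {d.dst}:{d.dport}}} {d.method} {d.uri}"

def run(packets: List[Packet], preprocess: bool = True) -> List[str]:
    """Run the chain; preprocess=False skips stage 2 to show what rules would miss."""
    alerts = []
    for pkt in packets:
        dec = packet_decoder(pkt)
        if preprocess:
            dec = http_inspect(dec)
        alerts.extend(output_plugin(a) for a in detection_engine(dec))
    return alerts

SAMPLE_PACKETS = [  # constructed traffic
    Packet("10.1.1.7", "192.0.2.10", 80, b"GET /scripts/cmd.exe HTTP/1.0\r\n\r\n"),
    Packet("10.1.1.7", "192.0.2.10", 80, b"GET /scripts/%63%6d%64.exe HTTP/1.0\r\n\r\n"),
    Packet("10.1.1.8", "192.0.2.10", 80, b"GET /scripts/./img/../cmd.exe?x=1 HTTP/1.0\r\n\r\n"),
    Packet("10.1.1.9", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    Packet("10.1.1.9", "192.0.2.10", 443, b"\x16\x03\x01\x00\x05hello"),  # not HTTP
]

if __name__ == "__main__":
    for a in run(SAMPLE_PACKETS):
        print(a)
```

With the preprocessor in place the first three packets all raise the same alert; with it skipped only the literal one does, which is why a signature-based engine is only as good as the normalization that runs ahead of it.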


COMPARISON OF SNORT & BRO

Both IDSs are open-source tools, so the comparison is based on parameters such as signatures, speed, interface, deployment, flexibility and operating system support.

  1. Signatures: Clearly, for detecting intrusions based on signatures, the Bro signatures are more sophisticated than the signatures used in Snort.
  2. Speed: Bro IDS works effectively in high-speed environments and is able to capture data from Gbps networks. Thus, for large-scale networks Bro is more suitable, whereas Snort IDS does not run perfectly in high-speed networks, as it slows down the traffic while dropping packets.

CONCLUSION

Computer security has three major aspects: integrity, confidentiality and availability. Often called the triad of information security, these three fundamentals ensure that the completeness of information is maintained, that information assets are accessed only by authorized parties, and that the assets are always available to those parties. Finding a foolproof secure system is therefore always very difficult, as setting the right balance is a challenge.

Though firewalls are good, as they use packet filtering (i.e. filtering on combinations of packet attributes such as source and destination address, TCP and UDP traffic, port number and protocol), they have some weaknesses. They are difficult to maintain, configure and keep updated.
