ABSTRACT
Campus networks, and the Information Technology organizations that support them, face security threats that are increasing in both size and complexity. Students, faculty and (non-academic) staff collectively bring a broad set of expectations and challenges that must be supported securely. Intrusive actions and security challenges may originate outside or within the network, and security and trust can be difficult to maintain in such an environment. Intrusion detection is an important part of a comprehensive security strategy.

Snort has become a popular and widely installed Intrusion Detection System (IDS). It functions as a network packet sniffer which, by comparing packet contents against known attack signatures expressed as rules, can initiate actions and record events and related information in a log file and/or a database. Because Snort inspects every packet on the network segment it monitors, it can produce large amounts of data, especially until an administrator has tuned the rule sets, contained in 52 separate files, to the needs of the installation. Until then the result is a large number of false alerts, which may cause real alerts to be overlooked and the viability of the tool to be questioned.

This paper summarizes work on the installation and implementation of Snort on a North Central College internal network, with special emphasis on access to data logged to a MySQL database and on presentation of that data through Perl scripts. Output of the Perl scripts, and the code snippets that produce it, are also presented as a basis for future efforts.
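As an added illustration (not code from the paper or from the Snort project) of the kind of question the paper's Perl scripts put to the MySQL database, the following Python script ranks logged alerts by rule and classifies their sources as inside or outside the campus, which is exactly what an administrator needs before deciding which rules to tune and whether a noisy source is internal. The schema subset, the sensor name ids.example.edu, the campus range 10.0.0.0/8 and every alert row are constructed assumptions; the table and column names follow Snort 2.x's create_mysql schema, and the SQL is written so that it runs unchanged against that MySQL schema through Perl DBI (only the connection changes).

```python
"""Summarise Snort alerts stored in Snort's database schema.

Added example, not code from the paper or from the Snort project. It builds an
in-memory SQLite copy of the four Snort 2.x tables the queries need (sensor,
signature, event, iphdr), fills them with constructed alerts, and runs the two
queries an administrator wants first when tuning: which rules fire most, and
whether the sources are inside or outside the campus. Against a real Snort
MySQL database the same SQL runs over Perl DBI or MySQLdb; only the connection
and the placeholder style (? here and in DBI, %s for MySQLdb) change.
"""
import sqlite3
from ipaddress import ip_address, ip_network

# Subset of the Snort 2.x schema (schemas/create_mysql). Column names match the
# real tables; types are simplified. iphdr stores addresses as 32-bit integers.
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
                        sig_priority INTEGER, sig_sid INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    ip_proto INTEGER, PRIMARY KEY (sid, cid));
"""

# Hypothetical campus address space; the paper does not give the college's.
CAMPUS_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample data: hosts, counts and timestamps are made up.
SIGNATURES = [  # (sig_id, sig_name, sig_priority, sig_sid)
    (1, "ICMP PING NMAP", 2, 469),
    (2, "SNMP public access udp", 2, 1411),
    (3, "WEB-IIS cmd.exe access", 1, 1002),
]
ALERTS = [  # (cid, sig_id, timestamp, ip_src, ip_dst, ip_proto)
    (1, 1, "2004-03-02 08:00:01", "10.20.30.40", "10.20.1.5", 1),
    (2, 1, "2004-03-02 08:00:02", "10.20.30.40", "10.20.1.6", 1),
    (3, 1, "2004-03-02 08:00:03", "10.20.30.40", "10.20.1.7", 1),
    (4, 1, "2004-03-02 08:00:04", "10.20.30.40", "10.20.1.8", 1),
    (5, 1, "2004-03-02 08:00:05", "10.20.30.40", "10.20.1.9", 1),
    (6, 1, "2004-03-02 09:15:00", "10.20.30.41", "10.20.1.5", 1),
    (7, 2, "2004-03-03 01:10:00", "203.0.113.7", "10.20.1.1", 17),
    (8, 2, "2004-03-03 01:10:05", "203.0.113.7", "10.20.1.2", 17),
    (9, 2, "2004-03-03 01:10:10", "203.0.113.7", "10.20.1.3", 17),
    (10, 3, "2004-03-03 14:20:00", "198.51.100.9", "10.20.2.80", 6),
    (11, 3, "2004-01-15 14:20:00", "198.51.100.9", "10.20.2.80", 6),  # outside window
]


def build_sample_db():
    """Create the tables and load the constructed alerts for one sensor (sid 1)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO sensor VALUES (1, 'ids.example.edu', 'eth1')")
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?, ?)", SIGNATURES)
    for cid, sig_id, ts, src, dst, proto in ALERTS:
        conn.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig_id, ts))
        conn.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?, ?)",
                     (cid, int(ip_address(src)), int(ip_address(dst)), proto))
    conn.commit()
    return conn


NOISY_SQL = """
SELECT s.sig_name, s.sig_sid, COUNT(*) AS hits, COUNT(DISTINCT i.ip_src) AS src_hosts
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
WHERE e.timestamp >= ?
GROUP BY s.sig_id, s.sig_name, s.sig_sid
ORDER BY hits DESC, s.sig_sid
LIMIT ?
"""


def noisy_signatures(conn, since, limit=10):
    """Rank rules by alert volume since a timestamp.

    Many hits from very few source hosts is the usual tuning candidate: a
    scanner, a monitoring box, or a rule too broad for this network. Returns
    (sig_name, sig_sid, hits, src_hosts) tuples, busiest first.
    """
    return [tuple(row) for row in conn.execute(NOISY_SQL, (since, limit))]


def alerts_by_origin(conn, since, campus_nets=CAMPUS_NETS):
    """Count alerts by whether the source address lies inside the campus."""
    counts = {"internal": 0, "external": 0}
    rows = conn.execute(
        "SELECT i.ip_src FROM event e "
        "JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid "
        "WHERE e.timestamp >= ?", (since,))
    for (src,) in rows:
        addr = ip_address(src)  # 32-bit integer -> IPv4Address
        origin = "internal" if any(addr in net for net in campus_nets) else "external"
        counts[origin] += 1
    return counts


if __name__ == "__main__":
    db = build_sample_db()
    since = "2004-03-01 00:00:00"
    print(f"{'signature':<28}{'sid':>6}{'hits':>6}{'srcs':>6}")
    for name, sid, hits, srcs in noisy_signatures(db, since):
        print(f"{name:<28}{sid:>6}{hits:>6}{srcs:>6}")
    print(alerts_by_origin(db, since))
```

Snort writes iphdr.ip_src as an unsigned 32-bit integer, so the address-to-network test is done in Python rather than with MySQL's INET_NTOA(), which keeps the SQL portable between SQLite and MySQL. The reporting window (the since parameter) matters: a rule that looks quiet over a whole semester can still be the one flooding the log this week, and a count of distinct sources separates one scanning host from a campus-wide event.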
TITLE
Detecting intruders on a campus network: might the threat be coming from within?