DOI: 10.1145/1099435.1099461

Detecting intruders on a campus network: might the threat be coming from within?

Published: 06 November 2005

ABSTRACT

Campus networks, and the Information Technology organizations that support these networks, are facing security threats that are increasing in both size and complexity. Students, faculty and (non-academic) staff collectively provide a broad set of expectations and challenges to securely support. Intrusive actions and security challenges may originate outside or within a network. Security and trust can be difficult to maintain in such an environment. Intrusion detection is an important part of a comprehensive security strategy.

Snort has become a popular and widely installed Intrusion Detection System (IDS). It functions as a network packet sniffer which, based on comparisons of packet contents with known virus signatures encapsulated as rules, can initiate action and record events and information related to them in a log file and/or database. Because Snort inspects all packets on a network, large amounts of data can be produced, especially until an administrator can tune the rule sets, contained in 52 separate files, to the needs of the installation. This process can lead to a large number of false alerts, which may cause real alerts to be overlooked and the viability of the tool to be questioned.

This paper summarizes work with installation and implementation of Snort on a North Central College internal network, with special emphasis on access to data logged to a MySQL database as well as presentation of data through Perl scripts. Output of Perl scripts and code snippets supporting the output are also presented as a basis for future efforts.

        • Published in

          SIGUCCS '05: Proceedings of the 33rd annual ACM SIGUCCS conference on User services
          November 2005
          482 pages
          ISBN:1595932003
          DOI:10.1145/1099435

          Copyright © 2005 ACM


          Publisher

          Association for Computing Machinery

          New York, NY, United States


          Qualifiers

          • Article

          Acceptance Rates

          Overall Acceptance Rate: 123 of 170 submissions, 72%
