Network-Based Intrusion Detection System Tools Research Paper

Exclusively available on Available only on IvyPanda® Written by Human No AI

Introduction

SNORT is a system that can be used to prevent unauthorized network access either internally or externally. SNORT is built on an open-source platform. It is a combination of anomaly inspections and signature protocols. SNORT remains the most popular IDS due to its robust capabilities coupled with the open-source platform. When snort is used to manage internal access, it is said to be working as a firewall.

SNORT can work in a variety of modes including packet logger, sniffer, inline, and Network Intrusion Detection (NIDS) modes (Orebaugh et al., 2009). The NIDS mode is the most widely used mode of SNORT. Rules are written via regex. The different packets will then be analyzed by SNORT against the rules set and when a match is realized, the predefined rule is fired.

Rule Created

To illustrate how SNORT works, I will set rules to monitor the access of an external website. I will select the Redtube server since it is likely that the server has been making unsolicited access to the network. The rule I set was # snort -dvCq src host daffy and DSTport 138 and dst net 209.222.138.10 mask 255.255.255.

The rule will watch out for intrusion of the network from the RedTubeserver (whose IP is given). The rule will arrest the intrusion from the IP. The next thing would be to set a rule that fires when attempted access is detected by the rule set above. For the source address, I took the variable $EXTERNAL_NET. The variable and the port are both set to any. The IP address for RedTube will be used as the destination address with port 138 as specified in the above rule. UDP protocol is used to broadcast. This can be summarized as follows:-

alert udp $EXTERNAL_NET any -> 209.222.138.10 138 (msg:” Redtube access detected!”; content: “SMB”; content: “MAILSLOT”;)

I saved the file in /etc/snort/rules/my.rules. This would need to be called by the string, include $RULE_PATH/my.rules

Later on in the day when I was checking the logs, I found the following string [**] [1:0:0] Redtube access detected! [**]

01/06-02:21:23.465726 209.222.138.10:138 -> 209.222.138.10:138

UDP TTL:64 TOS:0x0 ID:64503 IpLen:20 DgmLen:262

Len: 242

Analysis and Conclusion

As can be seen, the rule set helped identify the access of the external to the network with the relevant details like the date and the time of the access. This can be instrumental n the management of the network as the traffic can be monitored by the network administrator. Filters can also be applied to lock out any undesirable access to the network.

SNORT has the capability of outputting logs into the database. This has many advantages to the organization. Scalability is made possible. As the network of the organization grows, the logs will keep on increasing. Having the logs in the database makes it easier to manage. As seen in the example above, the administrator will often be searching for a section of the logs. SNORT’s capability of storing the logs in the database makes the logs raw material for statistical analysis through charts and other methods (Roesch, 1999).

On top of all the advantages, SNORT is desirable since there are no huge cost implications involved. SNORT is built on an open soopen-sourcerm which means later releases to fix bugs or add functionality will either cost very little or will be given at no cost. SNORT will therefore be a good option to consider not only because of its robust capabilities in network and traffic management but also because of the affordability of the system.

References

Orebaugh, A. et al. (2009). SNORT Cookbook. New York: O’Reilly.

Roesch, M. (1999). . Paper Presented at the Systems Administration Conference. Web.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2022, March 21). Network-Based Intrusion Detection System Tools. https://ivypanda.com/essays/network-based-intrusion-detection-system-tools/

Work Cited

"Network-Based Intrusion Detection System Tools." IvyPanda, 21 Mar. 2022, ivypanda.com/essays/network-based-intrusion-detection-system-tools/.

References

IvyPanda. (2022) 'Network-Based Intrusion Detection System Tools'. 21 March.

References

IvyPanda. 2022. "Network-Based Intrusion Detection System Tools." March 21, 2022. https://ivypanda.com/essays/network-based-intrusion-detection-system-tools/.

1. IvyPanda. "Network-Based Intrusion Detection System Tools." March 21, 2022. https://ivypanda.com/essays/network-based-intrusion-detection-system-tools/.


Bibliography


IvyPanda. "Network-Based Intrusion Detection System Tools." March 21, 2022. https://ivypanda.com/essays/network-based-intrusion-detection-system-tools/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
1 / 1