Category Archives: IDS/IPS

Cisco Systems: IPS4360, Cisco Security Manager, simple example on how to create a test plan

Cisco IPS4360: The IPS4300 series is the latest intrusion prevention/detection system from Cisco Systems. It has two quad-core CPUs, 8GB RAM and 8GB flash, with an option for a redundant power supply as well. If you are using Cisco …

Posted in IDS/IPS, Security

Cisco Systems: Cisco IPS setup

The initial setup for Cisco IPS4360. Run the command setup to get started.

Posted in IDS/IPS, Security

Suricata: Base64 password in cleartext detected

The Nagios password is only encoded with base64, which can easily be reversed with a base64-to-ASCII converter. The rule fires when base64-encoded basic authentication is sent unencrypted. Nice…

Posted in IDS/IPS, Security

Start barnyard2, suricata, snorby workers after booting up

I am not good with bash, so I use /etc/rc.local to start the services every time my Ubuntu Server 12.04 LTS restarts.

Posted in IDS/IPS, Security

Where to disable or enable SURICATA UDPv4 invalid checksum

This rule can be enabled or disabled in decoder-events.rules. In my case the rules are installed in /etc/suricata/rules, and the rule is under the Checksum rules section.

Posted in IDS/IPS, Security

Change rules location from suricata.yaml

The default rules directory is not the same as the one I am using. I need to change it in order to use the rules in my own directory, /etc/suricata/rules. I changed the config to: Restart Suricata: sudo suricata -c …

Posted in IDS/IPS

Building an IDS : installing snorby, suricata and barnyard2

Reference 1: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide
Reference 2: http://www.aldeid.com/wiki/Suricata/Setting-up-rules
Reference 3: https://www.corelan.be/index.php/2011/02/27/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x/
Reference 4: https://github.com/Snorby/snorby/issues/102#issuecomment-1704653
Reference 5: http://www.aldeid.com/wiki/Snorby

Disclaimer: I claim no credit for this post; it is for my own personal reference while installing the components onto the Ubuntu Server 12.04 …

Posted in IDS/IPS, Linux, Security, System OS