Cisco IPS: Anomaly detection Introduction

The Cisco IPS 4240 establishes a baseline of normal traffic and uses that baseline to check for deviations from the learned traffic patterns, in order to determine whether there is an anomaly in the network. This detection technique mainly detects worm attacks originating from one or more hosts inside the network. Worms propagated by email, instant messaging and file sharing cannot be detected by …
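The baseline-and-deviation idea above, as an added example (this is not Cisco's implementation and makes no claim about how the IPS 4240 computes its baseline): a learning phase measures, per source host and per time interval, how many distinct destinations received connection attempts that were never answered; the mean plus k standard deviations of those counts becomes the threshold, and in detection any source above it is flagged. The metric (distinct unanswered destinations, the signature of a scanning worm) and all flow records are constructed for this example; the last source in the detection interval models the mail-borne worm case from the text and shows why it stays under the radar.

```python
"""Baseline-and-deviation worm detection over flow records (added example).

Learning: per (interval, source), count distinct destinations that never
replied; threshold = mean + k * pstdev over known-clean intervals.
Detection: flag sources whose count exceeds the threshold.
All flows below are constructed, not captured traffic.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    interval: int   # time bucket (e.g. minute) the attempt fell into
    src: str
    dst: str
    dport: int
    replied: bool   # did the destination answer (SYN/ACK, UDP reply, ...)?


def scanner_counts(flows):
    """Map interval -> {src: number of distinct dsts with unanswered attempts}.

    Every source seen in an interval gets an entry (possibly 0), so hosts
    that only talk to responsive peers contribute to the baseline too.
    """
    unanswered = defaultdict(set)   # (interval, src) -> set of dsts
    seen = defaultdict(set)         # interval -> set of srcs
    for f in flows:
        seen[f.interval].add(f.src)
        if not f.replied:
            unanswered[(f.interval, f.src)].add(f.dst)
    return {
        iv: {src: len(unanswered[(iv, src)]) for src in srcs}
        for iv, srcs in seen.items()
    }


def learn_baseline(flows, k=3.0):
    """Return the anomaly threshold learned from known-clean traffic."""
    samples = [c for per_src in scanner_counts(flows).values()
               for c in per_src.values()]
    return mean(samples) + k * pstdev(samples)


def detect(flows, threshold):
    """Return [(interval, src, count)] for sources exceeding the threshold."""
    alerts = []
    for iv, per_src in sorted(scanner_counts(flows).items()):
        for src, count in sorted(per_src.items()):
            if count > threshold:
                alerts.append((iv, src, count))
    return alerts


def constructed_learning_flows():
    """Five clean intervals: each host reaches 3 live peers and 0-2 dead ones."""
    flows = []
    for iv in range(1, 6):
        for h in range(1, 6):
            src = f"10.0.0.{h}"
            for d in range(1, 4):
                flows.append(Flow(iv, src, f"10.0.1.{d}", 445, True))
            for d in range((h + iv) % 3):
                flows.append(Flow(iv, src, f"10.0.9.{d + 1}", 445, False))
    return flows


def constructed_detection_flows():
    """Interval 6: one SMB scanner, one normal host, one mail-borne worm."""
    flows = [Flow(6, "10.0.0.7", f"10.0.2.{d}", 445, False) for d in range(1, 41)]
    flows += [Flow(6, "10.0.0.2", f"10.0.1.{d}", 445, True) for d in range(1, 4)]
    flows.append(Flow(6, "10.0.0.2", "10.0.9.1", 445, False))
    # Mail-borne worm: many connections, but all to one responsive MTA, so the
    # distinct-unanswered-destination metric never moves (the caveat above).
    flows += [Flow(6, "10.0.0.4", "10.0.1.25", 25, True) for _ in range(20)]
    return flows


if __name__ == "__main__":
    threshold = learn_baseline(constructed_learning_flows())
    print(f"threshold = {threshold:.2f} distinct unanswered destinations")
    for alert in detect(constructed_detection_flows(), threshold):
        print("ALERT interval=%d src=%s unanswered_dsts=%d" % alert)
```

Running it flags only 10.0.0.7 (40 unanswered destinations against a threshold of roughly 3.4); 10.0.0.4 hammers the mail server twenty times yet is never seen, which is exactly why this class of detector is blind to email-, IM- and file-sharing-borne worms. Two things a practitioner should verify on a real deployment: the learning window must be known-clean (a worm active during learning inflates the baseline), and a zero-variance baseline makes mean + k*stdev collapse to the mean, so a minimum threshold floor is needed in practice.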

Building an IDS: installing Snorby, Suricata and Barnyard2

Reference 1: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide
Reference 2: http://www.aldeid.com/wiki/Suricata/Setting-up-rules
Reference 3: https://www.corelan.be/index.php/2011/02/27/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x/
Reference 4: https://github.com/Snorby/snorby/issues/102#issuecomment-1704653
Reference 5: http://www.aldeid.com/wiki/Snorby

Disclaimer: I claim no credit for this post; it is for my own personal reference while installing the components onto Ubuntu Server 12.04 LTS. No plagiarism is intended! All setup credits go to the references above. Please follow the …

Building an IDS/IPS on a Linux machine Part 1 – Preparation work

I am learning how to build an IDS/IPS machine from a CentOS 6.3 minimal installation from a friend, so here's the preparation work. I claim no credit for this post; these are the instructions from my great friend William. For a CentOS 6.2 minimal installation I will need libcap-ng, libcap-ng-devel, libdnet, file and file-devel, magic and magic-devel, …