Tag Archives: Intrusion prevention system

Cisco IPS: Anomaly detection Introduction

Introduction: Cisco IPS 4240 establishes a baseline (normal traffic) and uses this baseline to check for deviations from traffic patterns to determine whether there is an anomaly in the network. This detection technique mainly detects worm attacks originating from host/s in …

Posted in IDS/IPS, Security

Building an IDS : installing snorby, suricata and barnyard2

Reference 1: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide
Reference 2: http://www.aldeid.com/wiki/Suricata/Setting-up-rules
Reference 3: https://www.corelan.be/index.php/2011/02/27/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x/
Reference 4: https://github.com/Snorby/snorby/issues/102#issuecomment-1704653
Reference 5: http://www.aldeid.com/wiki/Snorby

Disclaimer: I claimed no credits for this post, this post is for my own personal reference while installing the components onto the Ubuntu Server 12.04 …

Posted in IDS/IPS, Linux, Security, System OS | 13 Comments

Building an IDS/IPS on a Linux machine Part 1 – Preparation work

I am learning how to build an IDS/IPS machine from CentOS 6.3 minimal installation from a friend, so here’s the preparation work. I claim no credit for this post, this is the instruction by my great friend William. For CentOS …

Posted in IDS/IPS, Security