Category: Network Security Hacks

Hack 96: Image Mounted Filesystems. Make a bit-for-bit copy of your system’s disk for forensic analysis. Before you format and reinstall the operating system on a recently compromised machine, you should take the time to make duplicates of all the data stored on the system. Having an exact copy of the contents […]

Hack 98: Find Compromised Packages with RPM. Verify operating system installed files in an RPM-based distribution. So you’ve had a compromise and need to figure out which files (if any) were modified by the intruder, but you didn’t install Tripwire? Well, all is not lost if your distribution uses RPM for its […]

Hack 97: Verify File Integrity and Find Compromised Files. Use Tripwire to alert you to compromised files or verify file integrity in the event of a compromise. One tool that can help you detect intrusions on a host and also ascertain what happened after the fact is Tripwire (http://sourceforge.net/projects/tripwire). Tripwire is part […]

Hack 99: Scan for Root Kits. Use chkrootkit to determine the extent of a compromise. If you suspect that you have a compromised system, it is a good idea to check for root kits that the intruder may have installed. In short, a root kit is a collection of programs that intruders […]

Hack 100: Find the Owner of a Network. Track down network contacts using WHOIS databases. Looking through your IDS logs, you’ve seen some strange traffic coming from another network across the Internet. When you look up the IP address in DNS, it resolves as something like dhcp-103.badguydomain.com. Who do you contact to […]

Hack 87: Prevent and Contain Intrusions with Snort_inline. Install Snort_inline on your firewall to contain intrusions, or to stop them as they’re happening. Wouldn’t it be nice if your NIDS could not only detect intrusions, but also do something about them? It would be nice if it could actually stop the intrusion […]

Hack 88: Automated Dynamic Firewalling with SnortSam. Use SnortSam to prevent intrusions by putting dynamic firewall rules in place to stop in-progress attacks. An alternative to running Snort on your firewall and having it activate filtering rules on the machine it’s running on [Hack #87] is to have Snort communicate which filtering […]

Hack 89: Detect Anomalous Behavior. Detect attacks and intrusions by monitoring your network for abnormal traffic, regardless of the actual content. Most NIDS monitor the network for specific signatures of attacks and trigger alerts when one is spotted on the network. Another means of detecting intrusions is to generate a statistical baseline […]

Chapter 7. Network Intrusion Detection: Hacks #82-95. Section 82. Detect Intrusions with Snort. Section 83. Keep Track of Alerts. Section 84. Real-Time Monitoring. Section 85. Manage a Sensor Network. Section 86. Write Your Own Snort Rules. Section 87. Prevent and Contain Intrusions with Snort_inline. Section 88. Automated Dynamic Firewalling with SnortSam. Section […]

Hacks #96-100. Incident recovery and response is a very broad topic, and there are many opinions on the proper methods to use and actions to take once an intrusion has been discovered. Just as the debate rages on regarding vi versus emacs, Linux versus Windows, and BSD versus everything else, there is […]

Hack 83: Keep Track of Alerts. Use ACID to make sense of your IDS logs. Once you have set up Snort to log information to your database [Hack #82], you may find it hard to cope with all the data that it generates. Very busy and high-profile sites can generate a […]

Hack 84: Real-Time Monitoring. Use Sguil’s advanced GUI to monitor and analyze IDS events in a timely manner. One thing that’s crucial when analyzing your IDS events is to be able to correlate all your audit data from various sources, to determine the exact trigger for the alert and what actions should […]

Hack 85: Manage a Sensor Network. Use SnortCenter’s easy-to-use web interface to manage your NIDS sensors. Managing an IDS sensor and keeping track of the alerts it generates can be a daunting task, and even more so when you’re dealing with multiple sensors. One way to unify all your IDS management tasks […]

Hack 86: Write Your Own Snort Rules. Customize Snort for your own needs quickly and easily by leveraging its flexible rule engine and language. One of the best features of Snort is its rule engine and language. Snort’s rule engine provides an extensive language that enables you to write your own rules, […]

Hack 82: Detect Intrusions with Snort. Use one of the most powerful (and free) network intrusion detection systems available to help you keep an eye on your network. Monitoring your logs can take you only so far in detecting intrusions. If the logs are being generated by a service that has been […]
