Evading IDS, Firewalls and Honeypots
An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.
The objective of this lab is to help students learn to detect intrusions in a network, and to log and view all log files. In this lab, you will learn how to:
- Install and configure Snort IDS
- Run Snort as a service
- Log Snort log files to Kiwi Syslog server
- Store Snort log files to two output sources simultaneously
Due to a growing number of intrusions, and since the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. Intrusion detection systems (IDSes) are one such class of system and have recently gained a considerable amount of interest. An IDS is a defense system that detects hostile activities in a network. The key is to detect, and possibly prevent, activities that may compromise system security, or a hacking attempt in progress, including the reconnaissance/data collection phases that involve, for example, port scans.
One key feature of intrusion detection systems is their ability to provide a view of unusual activity and to issue alerts notifying administrators and/or block a suspected connection. According to Amoroso, intrusion detection is a process of identifying and responding to malicious activity targeted at computing and networking resources. In addition, IDS tools are capable of distinguishing between insider attacks originating from inside the organization (coming from its own employees or customers) and external ones (attacks and the threat posed by hackers). (Source: http://www.windowsecurity.com)
In order to become an expert penetration tester and security administrator, you must have a solid understanding of network intrusion prevention systems (IPSes), IDSes, malicious network activity, and log information.
Evading IDS, Firewalls and Honeypots Exercises
Ethical Hacking Exercises / Evading IDS, Firewalls and Honeypots contains the following Exercises:
- Detecting Intrusions using Snort
- Detecting Intruders and Worms using KFSensor Honeypot IDS
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
The exercises in this lab map to the Certified Ethical Hacker V10 Course. Each subscription provides 6 months of access to 107 different exercises. Each exercise contains a Scenario, Objectives, and individual step-by-step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Social Engineering
- Denial of Service
- Session Hijacking
- Evading IDS, Firewalls and Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing