Posts

Snort (Intrusion Detection System)

Snort is a rule-based IDS. Snort works in three different modes, which are as follows:

1) Sniffer Mode
2) Packet Logger Mode
3) Network Intrusion Detection Mode

1) Sniffer Mode: Sniffer Mode allows you to dump the data in the header and body of each packet to the screen while Snort is running. To start Snort so that it displays all application data, enter the command as follows:

    ./snort -d      -> works in most versions of Snort
    ./snort -dv     -> for getting an error message

2) Packet Logger Mode: Packet Logger Mode differs from Sniffer Mode because the packet data and headers are written to the hard drive of the host on which Snort is running. To write to the directory named log, enter the following command:

    ./snort -dev -l ./log

To capture and log the data of the local network, it is necessary to enter the IP address range of the network:

    ./snort -dev -l ./log -h 192.1

Wireshark(Network Protocol Analyzer)

Wireshark and its components: what does it do and how? Wireshark is a network monitoring tool, also called a network protocol analyzer or sniffer. It is a free and open source tool used for network troubleshooting and analysis. Wireshark is cross-platform: it runs on many operating systems, such as Linux, macOS, BSD, Solaris and Microsoft Windows. There is also a terminal version of Wireshark called TShark. Wireshark uses pcap to capture packets from the network and is used to examine the details of network traffic. The information in a captured packet gives its transmit time, source IP address, destination IP address, protocol type, header data, etc., so this information can be used for security and troubleshooting issues. Wireshark displays the information in three panels: the Packet List panel, the Packet Details panel and the Packet Bytes panel. The Packet List panel consists of the colored lines displayed at the top.

Security threats and countermeasures of SDN(Software Defined Network)

Security for SDN (Software Defined Networks)

SDN (Software Defined Networks): SDN is a network architecture that manages network dynamics through software-enabled control. Security for SDN has become an important concern. We discuss security threats and their effects, and along with this we also discuss SDN security controls.

· Security Threats: Denial of Service (DoS), Information Disclosure, Spoofing, Tampering, Repudiation, Elevation of Privilege.
· Security Controls: access control, firewalls, IDS (Intrusion Detection System), IPS (Intrusion Prevention System), policy management and auditing.

STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) is a threat classification model developed by Microsoft for reasoning about computer security threats.

SDN security threats and countermeasures: We are going to use the STRIDE threat model to analyze the types of threats to which SDN is exposed to