IT262_ERIC_CLARKSON_UNIT_10_LAB
School: Purdue Global University
Course: 262
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 11
Uploaded by BarristerRiverRook47
Unit 10 Assignment
IT262 Certified Ethical Hacking I
Eric Clarkson
Purdue Global University
Professor Nicholas Ray
August 13, 2023
The Unit 10 lab was titled Securing the Network using an Intrusion Detection System (IDS), and it included the standard Hands-on presentation as well as an Applied Learning component. Both portions were divided into three pieces. To help secure the local area network, this lab requires the usage of tools such as Nessus, Snort, Snorby, and vi. I've used some of these tools before, including Snorby, which I'm still learning how to utilize. Snorby is an excellent application for managing and organizing network security warnings.
Its user-friendly UI and strong features make it simple to remain on top of possible dangers and respond fast to mitigate them. While the lab wasn't difficult, I ran into a few issues in the final stages of the lab and I'm hoping to figure out what I did wrong.
Part 1: Configure an Intrusion Detection System (IDS) prompted me to use the SnortSSH shortcut to connect to the TargetIDS virtual machine via a remote terminal session. The following steps largely included my dealing with commands. Step 5 prompted me to run a command to change the working directory to /etc/nsm/SCO-eth0. The core directory for Snort and its configuration files is /etc/nsm; in this case, the SCO-eth0 directory will contain a copy of the snort.conf file for the student profile.
The following stages required me to continue configuring adjustments to fine-tune Snort for this environment. Snort, when properly configured, may analyze network traffic and identify potential risks, offering an additional layer of defense against cyber-attacks.
During these steps, I was also forced to use the vi Editor to make the necessary adjustments, such as removing the 10.0.0.0/8 address and replacing it with 172.30.0.0/24. Continuing with the procedures, and after saving my configurations in the vi Editor, I used the command prompt to execute the command to display the contents of the local.rules file and captured the required screenshot of the contents of the local.rules file.
After completing this step, I rebooted the Snort system and launched a new terminal session to TargetIDS (SnortSSH shortcut), then ran the command to enable sudo rights for the student account, entered the password, and dismissed the terminal window. I also activated the SnorbyWWW shortcut, which launches the Snorby program in a new browser window. Snorby is a web-based interface for other apps like Snort.
Snort does not save every IP packet that it captures and analyses. Rather, it searches for certain IP packet traffic patterns as well as aberrant traffic attempting to enter a network. When IP packet traffic patterns are discovered inbound to the organization's network, the IDS keeps logs, warnings, and alarms. Alerts or alarms can be sent automatically to a network or security operations help desk.
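How the address edited in Part 1 and an entry in local.rules combine to produce the alerts described above, as an added Python illustration that is not part of the lab, of Snort, or of Snorby. It assumes the edited variable was HOME_NET (now 172.30.0.0/24) with EXTERNAL_NET defined as its negation; the rule text and the three packets are constructed.

```python
import ipaddress
import re
# Snort variables as the lab left them after the vi edit in Part 1. HOME_NET is assumed
# to be the variable that held 10.0.0.0/8; EXTERNAL_NET follows Snort's usual !$HOME_NET.
IPVARS = {"HOME_NET": ["172.30.0.0/24"], "EXTERNAL_NET": ["!$HOME_NET"]}
RULE_RE = re.compile(  # header: action proto src sport -> dst dport (options)
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)

def ip_matches(spec, ip):
    """Match an address against a Snort address spec: any, !spec, $VAR or a CIDR."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not ip_matches(spec[1:], ip)
    if spec.startswith("$"):
        return any(ip_matches(n, ip) for n in IPVARS[spec[1:]])
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def port_matches(spec, port):
    return spec == "any" or int(spec) == port

def parse_rule(line):
    """Parse one local.rules line into its header fields plus msg and sid."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    opts = dict(o.strip().split(":", 1) for o in m["opts"].split(";") if ":" in o)
    return {**m.groupdict(), "msg": opts.get("msg", "").strip('"'), "sid": opts.get("sid")}

def evaluate(rules_text, packets):
    """Return one alert record per (packet, rule) match, the way Snort logs an alert."""
    rules = [r for r in map(parse_rule, rules_text.splitlines()) if r]
    alerts = []
    for pkt in packets:
        for r in rules:
            if (r["proto"] == pkt["proto"]
                    and ip_matches(r["src"], pkt["src"]) and port_matches(r["sport"], pkt["sport"])
                    and ip_matches(r["dst"], pkt["dst"]) and port_matches(r["dport"], pkt["dport"])):
                alerts.append({"sid": r["sid"], "msg": r["msg"], "src": pkt["src"], "dst": pkt["dst"]})
    return alerts
# Constructed local.rules entry and packets; not the rule the lab actually used.
LOCAL_RULES = 'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH connection attempt"; sid:1000001; rev:1;)'
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 40000, "dst": "172.30.0.8", "dport": 22},  # external -> IDS host: alert
    {"proto": "tcp", "src": "172.30.0.9", "sport": 40001, "dst": "172.30.0.8", "dport": 22},   # internal source: no alert
    {"proto": "tcp", "src": "203.0.113.5", "sport": 40002, "dst": "10.1.2.3", "dport": 22},    # old 10.0.0.0/8 range: no alert
]
```

The third packet shows why the HOME_NET change matters: with the old 10.0.0.0/8 value it would have alerted, but after the edit traffic to that range is no longer treated as inbound to the protected network.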
The following stages required me to become acquainted with Snorby and make a screen capture displaying rule information for the alert I created previously. In Part 2 of the experiment, I ran a vulnerability scan on the TargetIDS virtual computer using Nessus. Nessus is a collection of services and technologies that provide vulnerability scanning and management solutions. Following the entry of my credentials and the creation of a Basic network scan with the following parameters:
Name: yourname_S2_ScanIDS
Description: Scan the IDS system
Folder: My Scans
Targets: 172.30.0.8
I viewed the scan results in Part 3 after starting the scan and waiting for it to finish. This section of the lab did not offer me any High Severity report specifics since I am unsure what I did incorrectly. I still have a screenshot of the Top 15 Signatures area. While the report did not offer me any specifics, I was able to view the signatures using the tabs. A screenshot is shown below.
What are some techniques to scan a network without raising the Snort alerts that Nessus did in the lab?
For IT workers attempting to uncover vulnerabilities and potential threats, network scanning is a must-have tool. Traditional scanning approaches, on the other hand, frequently cause Snort, a popular intrusion detection system, to generate alarms. There are numerous ways and technologies that can be used to avoid these notifications.
One method is to employ "slow scanning," which entails scanning the network at a slower than typical rate. This can help to prevent Snort detection because Snort may not recognize the scan as a threat. Another useful strategy is "stealth scanning," which entails employing various strategies to avoid Snort detection. This could include employing different IP addresses or randomizing scan timing.
In addition to these strategies, there are many tools available for scanning a network without raising any alerts. Nmap, hping, and Scapy are all good tools for performing a covert scan. These technologies allow for scan customization and can circumvent detection systems by employing specialized protocols.
The effectiveness of these approaches and technologies, however, will be determined by a variety of criteria, such as network size, complexity, and the precise goals of the scan. Slow scanning, for example, may not be practicable on a large network because it takes too long to finish. Similarly, utilizing stealth scanning on a network with strong security rules may be ineffective.
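From the defender's side, the gap that slow scanning relies on is a short correlation window: a threshold measured over seconds never sees enough ports at once. This added Python example (not from the report or from Snort) runs the same constructed connection log through a one-minute and a one-hour window; the log lines, hosts and thresholds are all constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed connection-log lines (not from the lab): "ISO-time src dst dport".
# One source touches six distinct ports on the IDS host over 25 minutes.
LOG_LINES = """\
2023-08-13T10:00:00 203.0.113.5 172.30.0.8 21
2023-08-13T10:05:00 203.0.113.5 172.30.0.8 22
2023-08-13T10:10:00 203.0.113.5 172.30.0.8 23
2023-08-13T10:15:00 203.0.113.5 172.30.0.8 25
2023-08-13T10:20:00 203.0.113.5 172.30.0.8 80
2023-08-13T10:25:00 203.0.113.5 172.30.0.8 443
2023-08-13T10:02:00 172.30.0.9 172.30.0.8 22
2023-08-13T10:12:00 172.30.0.9 172.30.0.8 22
"""

def parse_log(text):
    """Parse the log into (time, src, dst, port) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(events)

def detect_scans(events, window, min_ports):
    """Return {(src, dst): distinct_ports} for pairs that touch at least min_ports
    distinct destination ports inside any sliding window of the given length."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))
    hits = {}
    for pair, touches in by_pair.items():
        start = 0
        for end in range(len(touches)):
            while touches[end][0] - touches[start][0] > window:
                start += 1  # slide the window forward
            ports = {p for _, p in touches[start:end + 1]}
            if len(ports) >= min_ports:
                hits[pair] = max(len(ports), hits.get(pair, 0))
    return hits

def compare_windows(text, min_ports=5):
    """Same events under a short (one-minute) and a long (one-hour) correlation window."""
    events = parse_log(text)
    return {
        "short": detect_scans(events, timedelta(minutes=1), min_ports),
        "long": detect_scans(events, timedelta(hours=1), min_ports),
    }
```

The short window reports nothing while the long window flags the external source with six distinct ports, which is the reason a scan-detection threshold should be tuned over minutes or hours, not only over a burst.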
To ensure a successful scan, it is essential to plan carefully and choose the right tools and techniques. It is also important to have a thorough understanding of the network and its security protocols. By doing this, IT professionals can avoid raising red flags and successfully identify potential vulnerabilities and threats.
It is critical to plan properly and select the appropriate instruments and techniques to guarantee a successful scan. It is also critical to understand the network and its security procedures well. IT workers can avoid generating red flags and properly discover potential vulnerabilities and dangers by doing so.
To summarize, scanning a network without raising Snort alarms necessitates careful planning as well as the appropriate tools and approaches. Slow scanning, stealth scanning, and tools like Nmap, hping, and Scapy can all be utilized to successfully execute a scan. However, the optimum strategy will be determined by some aspects that must be examined before deciding on a scanning method. This allows IT professionals to uncover weaknesses and potential threats without raising any red flags.