IPS, SYSLOG, and NTP Lab
An Intrusion Prevention Systems (IPS) is a software application that can be used to detect and stop threats within a network. Syslog is a software application that can send and store events based on classification. Both of these applications provide visibility and can be crucial in finding past, present, and potentially future threats. In this lab, we are going to install SNORT on the host IPS-LAN.urbank.com, configure it as an IPS, and to send it's alert messages to a remote Syslog server (urbank.com). We will also install ntp on IPS-LAN.urbank.com and configure it to get it's time source from urbank.com. Lastly, we will configure the Syslog server (urbank.com), to log messages received from the IPS to a separate file. IPS and RSYSLOG
Overview
An Intrusion Prevention Systems (IPS) is a software application that can be used to detect and stop threats within a network. Syslog is a software application that can send and store events based on classification. Both of these applications provide visibility and can be crucial in finding past, present, and potentially future threats. In this lab, we are going to install SNORT on the host IPS-LAN.urbank.com, configure it as an IPS, and to send it's alert messages to a remote Syslog server (urbank.com). We will also install ntp on IPS-LAN.urbank.com and configure it to get it's time source from urbank.com. Lastly, we will configure the Syslog server (urbank.com), to log messages received from the IPS to a separate file. IPS and RSYSLOG
