4.4 IPS-Snort
Video Transcription
>> Welcome back to the Cybrary course in building your InfoSec lab. I'm your host and instructor, Kevin Hernandez. In our last lesson we installed Nmap, which is basically the same tool we utilized earlier, Zenmap. In this case, this is line-based instead of a graphical user interface, and it's within our pfSense instead of a stand-alone application. In today's lesson, we'll actually use the module manager in order to install our IPS, Snort. Let's get started.

Let's go ahead and install another of these extensions. Let's go to "Package Manager", "Available Packages". If you remember correctly, part of the reason we decided to go with this, instead of going with a dedicated IPS, is because they are contained within here. Let's go ahead and check for IPSs, and I remember I saw Snort here [NOISE] earlier on. I think I saw Suricata as well. There's Snort, and there is Suricata, yes.

One thing I really like doing when working with tools is looking at how they might look. Right into Suricata. You can see here firewall and adding network and miscellaneous system, tables, notifications, [inaudible]. If, for example, I then look at Snort, you can see the options it also offers right here. Even though these are more tool-dedicated installs, it could give me a general idea of what the application offers or might offer within our installation. Instead of going with Suricata, I'm going to go with Snort, since it's more popular [NOISE] in the open tools market, so let's go ahead and install it.

Now, let's confirm the same way we confirmed Nmap. Let's give it a few minutes for it to complete installation. You can see the progress bar goes up and down, which is confusing until it finally turns green, and there it is. Let's see here, let's go up a little. Please be aware that the database client is vulnerable to CVE-2015-3152, as I say. Grant I came back running. You can find information at the URL, so be aware of that. Although this database client is not listed as affected, it is vulnerable and will not be receiving a patch; please take note of this when deploying the software. Be aware of that and take controls as required. It's talking about how to enable it here too, and then, you know, Snort uses a number of startup scripts that must be enabled in /etc/rc.conf; please see user Snort for a list of available variables and their descriptions, and configurations are located here.

Let's copy this. Let me bring up my Excel sheet, and let me pause here for a second. Okay, here we go, and let's create a tab for Snort [NOISE] [LAUGHTER] and packages. Now we go. You obviously can see more information here. Now, if you remember correctly from earlier, you can always go to "Installed Packages". Then here's Snort; you can click the little "i". You'll see more information about it. You can see from this guide right here that under "Services", Snort is where you'll actually be able to run it. It also has a "setting up Snort for the first time" guide. You can see how to update rules, how to add it to an interface, and which type of rules will protect the network.

Now, this is all flavor-based. This depends on how you want to run Snort. We actually have several, not one, several Snort courses in our library, as you can see. There are several of them. You have rule creation, monitoring network traffic, the setup itself, and using Wireshark to analyze traffic. There are several courses. There are one-hour labs; if you want to go into more specifics and details on how to use Snort, these will be your best tools. Now remember, the Snort we have is a plug-in. It might not necessarily have the same interface that these courses have. However, I highly recommend that you also look into these courses, as they are labs; you will have a more hands-on and different flavor of what's out there when it comes to Snort.

Now let's go back to our packages. Let's go here. Let's go ahead and go to Services, Snort. You can see it right here. Now, if you remember correctly, when we were looking at Snort images, we were actually looking at pfSense. [LAUGHTER] Here is a pfSnort. Here's a different one. This is more of a great log-type approach, and you can see it has different features. Snort interfaces, global settings. You want to download; it's not free. Registered-user or subscriber rules. In this case, I will start here, registering and getting those free rules, so that we don't have to be guessing. I have created them, and from there modify those rules. You can see your updates here. Alerts you have created, log events once you have finished configuring it. Press "IP reputation list management".

Now, like I said, since I actually don't have any interfaces right now other than the default ones, I don't want to play with Snort too much right now until we create more interfaces like IoT and all that. At the same time, I highly recommend you go through those labs we have, which should guide you through it with a different approach and more detail. Instead of me rushing through all that content, go to these people, take their courses, and actually enjoy the content.

In this lesson, we basically installed Snort. We didn't go too much into details regarding this installation, as there are additional courses within our library that will help assist you and accomplish better results within your IPS. In our next lesson, we'll actually go over web proxies. Hope to see you soon. Have a great day.