Log analysis and intrusion detection

Log Analysis and Intrusion Detection - PowerPoint PPT Presentation



Log Analysis and Intrusion Detection. By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy. Log Analysis (Windows And linux). What is log analysis? Describes an event (or) process activity in detail on the system. Examples : user authentication event log


Presentation Transcript


Log Analysis and Intrusion Detection

By

Srikrishna Gudavalli

Venkata Naga Vamsi Krishna

Ravi Kiran Yellepeddy


Log Analysis (Windows and Linux)

What is log analysis?

Describes an event or process activity on the system in detail.

Examples:

  • User authentication event log

  • FTP authentication


Setup for Log Analysis

  • Application Log

    Specific to particular application.

    e.g. MS Word, Windows Media Player

  • Security Log

    Specifically logs all the security features.

  • System Log

    Logs all the system-related activities.


Linux Auditing

  • Sysklog

  • Metalog

  • LogRotater

    Basic Linux Auditing

    Syslogd:

    Gives information about the general activities of the kernel, mail, processes and remote logins.


Intrusion Detection Systems (IDS)

  • What is an Intrusion Detection System (IDS)?

    Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent.

    Example : Snort


Steps to setup IDS

  • Installation of Snort

  • Creation of Snort configuration files

  • Creation of rules

  • Testing of rules



Using Snort in Different Scenarios

  • Ping

  • nmap Scan Utility

  • Subseven Trojan

  • Telnet

  • Internet Explorer





Traffic dump for Linux server using Snort




Xmas scan using nmap port scanner.
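
An added example, not taken from the original slides: the kind of signature check an IDS applies to the Xmas scan named above, flagging TCP headers whose flag bits are exactly FIN+PSH+URG and grouping the probed ports by source. The packets, addresses and function names are constructed for illustration.

```python
import struct

# TCP flag bits: the low six bits of byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG                 # 0x29, the signature to match
TCP_HDR = struct.Struct("!HHIIBBHHH")  # fixed 20-byte TCP header

def build_tcp_header(sport, dport, flags):
    """Build a minimal TCP header (constructed sample data only)."""
    return TCP_HDR.pack(sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def parse_tcp(header):
    """Return (sport, dport, flags), or None if the header is truncated."""
    if len(header) < TCP_HDR.size:
        return None
    fields = TCP_HDR.unpack(header[:TCP_HDR.size])
    return fields[0], fields[1], fields[5] & 0x3F

def is_xmas(flags):
    """Signature: exactly FIN, PSH and URG set, nothing else."""
    return flags == XMAS

def detect_xmas(packets):
    """Map each source address to the sorted ports it probed with Xmas flags."""
    hits = {}
    for src, header in packets:
        parsed = parse_tcp(header)
        if parsed is None:             # malformed capture: skip, do not crash
            continue
        _sport, dport, flags = parsed
        if is_xmas(flags):
            hits.setdefault(src, set()).add(dport)
    return {src: sorted(ports) for src, ports in hits.items()}

# Constructed capture: one scanning host, one normal client, one bad packet.
SAMPLE = [
    ("10.0.0.5", build_tcp_header(40000, 22, XMAS)),
    ("10.0.0.9", build_tcp_header(51000, 80, SYN)),
    ("10.0.0.5", build_tcp_header(40000, 80, XMAS)),
    ("10.0.0.9", build_tcp_header(51000, 80, PSH | ACK)),
    ("10.0.0.5", build_tcp_header(40000, 23, XMAS)),
    ("10.0.0.7", b"\x00" * 10),        # truncated header
]

if __name__ == "__main__":
    for src, ports in detect_xmas(SAMPLE).items():
        print(f"ALERT Xmas-flagged TCP from {src} to ports {ports}")
```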













