Log analysis and intrusion detection
Presentation Transcript


Log Analysis and Intrusion Detection

By

Srikrishna Gudavalli

Venkata Naga Vamsi Krishna

Ravi Kiran Yellepeddy


Log Analysis (Windows and Linux)

What is log analysis?

A log describes an event or process activity on the system in detail.

Examples:

  • user authentication event log

  • FTP authentication log


Setup for Log Analysis

  • Application Log

    Specific to a particular application.

    e.g. MS Word, Windows Media Player

  • Security Log

    Specifically logs all security-related events.

  • System Log

    Logs all system-related activities.


Linux Auditing

  • sysklogd

  • Metalog

  • logrotate

    Basic Linux Auditing

    syslogd:

    Gives information about the general activity of the kernel, mail, processes and remote logins.
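The two authentication logs named above (user authentication and FTP authentication) and the syslogd output described here are exactly what a log analysis script consumes. As an added example, not part of the slides, the following Python reads constructed lines in the format syslogd writes for sshd and vsftpd, extracts each login attempt, and flags sources with repeated failures. The sample lines, the threshold of 3 and the hostnames and addresses are all made up for the example; the regular expressions follow the OpenSSH and vsftpd message formats.

```python
"""Added example (not from the slides): parse syslog-style authentication
events from sshd and vsftpd and flag sources with repeated login failures."""
import re
from collections import Counter

# Constructed sample in the format syslogd writes to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host1 sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Mar  3 10:01:15 host1 sshd[2203]: Failed password for root from 192.0.2.10 port 51236 ssh2
Mar  3 10:01:19 host1 sshd[2205]: Failed password for root from 192.0.2.10 port 51240 ssh2
Mar  3 10:02:01 host1 sshd[2210]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:03:40 host1 vsftpd[2300]: [bob] FAIL LOGIN: Client "192.0.2.10"
Mar  3 10:03:44 host1 vsftpd[2301]: [bob] OK LOGIN: Client "198.51.100.8"
Mar  3 10:05:00 host1 CRON[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Syslog line layout: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Login outcomes for the two services in the sample (OpenSSH and vsftpd formats).
SSHD_FAIL_RE = re.compile(r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SSHD_OK_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")
VSFTPD_RE = re.compile(r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')


def _event(m, service, user, ip, success):
    return {"ts": m.group("ts"), "host": m.group("host"), "service": service,
            "user": user, "ip": ip, "success": success}


def parse_line(line):
    """Return an auth event dict for a login attempt, or None for any other line."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    prog, msg = m.group("prog"), m.group("msg")
    if prog == "sshd":
        for regex, ok in ((SSHD_OK_RE, True), (SSHD_FAIL_RE, False)):
            a = regex.search(msg)
            if a:
                return _event(m, "ssh", a["user"], a["ip"], ok)
    elif prog == "vsftpd":
        a = VSFTPD_RE.search(msg)
        if a:
            return _event(m, "ftp", a["user"], a["ip"], a["result"] == "OK")
    return None  # cron, kernel, mail and other lines are not auth events


def parse_auth_log(text):
    """All authentication events in a log text, in file order."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def failed_logins_by_source(events):
    """Failed login count per source address, across all services."""
    return Counter(e["ip"] for e in events if not e["success"])


def find_bruteforce_sources(events, threshold=3):
    """Sources with at least `threshold` failed logins (threshold is arbitrary here)."""
    return {ip: n for ip, n in failed_logins_by_source(events).items() if n >= threshold}


if __name__ == "__main__":
    evts = parse_auth_log(SAMPLE_AUTH_LOG)
    for ip, n in find_bruteforce_sources(evts).items():
        print(f"{ip}: {n} failed logins across ssh and ftp")
```

Counting failures across services in one place is the point: three SSH failures and one FTP failure from the same address add up to a pattern that neither log shows on its own.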


Intrusion Detection Systems (IDS)

  • What is an Intrusion Detection System (IDS)?

    Intrusion detection systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent.

    Example: Snort


Steps to setup IDS

  • Installation of Snort

  • Creation of Snort configuration files

  • Creation of rules

  • Testing of rules


Operation of Snort


Using Snort in Different Scenarios

  • Ping

  • nmap scan utility

  • SubSeven Trojan

  • Telnet

  • Internet Explorer
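The IDS definition above (an IDS matches attack signatures), the setup steps (create rules, test rules) and this scenario list describe signature matching without showing a rule. As an added example, not part of the slides and not Snort's own code, the following Python implements a toy signature engine: it parses a small subset of Snort's rule syntax (the header plus the msg, content, flags and sid options) and applies the rules to constructed packet records for two of the scenarios listed, an nmap Xmas scan and a directory traversal request. The HOME_NET value, the rule sids, the packets and the exact-match semantics chosen for flags are all assumptions made for the example; Snort's real matcher supports far more (flag modifiers, hex content, address negation, preprocessors).

```python
"""Added example (not from the slides, not Snort itself): a minimal signature
matcher that reads a subset of Snort's rule syntax and applies it to packets."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed rule variables; a real snort.conf sets these with "var HOME_NET ...".
VARS = {"$HOME_NET": "203.0.113.0/24", "$EXTERNAL_NET": "any"}

# Constructed rules for two scenarios. Supported options in this subset: msg,
# content (plain text), flags (treated as an exact TCP flag match), sid; others ignored.
RULES_TEXT = """
# Xmas scan: FIN, PSH and URG set together, a combination normal TCP never sends
alert tcp any any -> $HOME_NET any (msg:"Xmas scan (FIN/PSH/URG)"; flags:FPU; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Directory traversal attempt"; content:"../"; sid:1000002; rev:1;)
"""


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""        # TCP flags in Snort letters: F S R P A U
    payload: bytes = b""


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    content: Optional[bytes] = None
    flags: Optional[str] = None
    sid: Optional[int] = None


# action proto src sport -> dst dport (options)
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


def parse_rule(text):
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule header: " + text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    rule = Rule(action, proto.lower(), src, sport, dst, dport)
    # Options are "key:value;" pairs; this subset does not handle ';' inside content.
    for opt in (o.strip() for o in opts.split(";")):
        if not opt:
            continue
        key, _, value = opt.partition(":")
        value = value.strip().strip('"')
        if key == "msg":
            rule.msg = value
        elif key == "content":
            rule.content = value.encode()
        elif key == "flags":
            rule.flags = value
        elif key == "sid":
            rule.sid = int(value)
    return rule


def parse_rules(text):
    """Parse every non-blank, non-comment line of a rules file."""
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]


def _addr_ok(spec, addr):
    spec = VARS.get(spec, spec)
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_ok(spec, port):
    return spec == "any" or int(spec) == port


def match(rule, pkt):
    """Header fields must all match, then each present option must match."""
    return (rule.proto in ("ip", pkt.proto)
            and _addr_ok(rule.src, pkt.src) and _port_ok(rule.sport, pkt.sport)
            and _addr_ok(rule.dst, pkt.dst) and _port_ok(rule.dport, pkt.dport)
            and (rule.flags is None or set(rule.flags) == set(pkt.flags))
            and (rule.content is None or rule.content in pkt.payload))


def run_rules(rules, packets):
    """Return (sid, msg) for every rule that fires, in packet order."""
    return [(r.sid, r.msg) for p in packets for r in rules if match(r, p)]


# Constructed traffic: one Xmas probe, one traversal request, and benign packets.
PACKETS = [
    Packet("tcp", "198.51.100.9", 40000, "203.0.113.5", 22, flags="FPU"),
    Packet("tcp", "198.51.100.9", 40001, "203.0.113.5", 80, flags="PA",
           payload=b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("tcp", "198.51.100.9", 40002, "203.0.113.5", 80, flags="PA",
           payload=b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("tcp", "203.0.113.5", 80, "198.51.100.9", 40001, flags="PA",
           payload=b"HTTP/1.0 200 OK\r\n\r\n"),
    Packet("tcp", "198.51.100.9", 40003, "203.0.113.5", 22, flags="S"),
]

if __name__ == "__main__":
    for sid, msg in run_rules(parse_rules(RULES_TEXT), PACKETS):
        print(f"[**] [1:{sid}] {msg} [**]")   # Snort-like alert line
```

The benign packets are there for the "testing of rules" step: a rule that fires on the server's own reply, or on an ordinary SYN to port 22, is a false positive, and checking those cases before deployment is as important as checking that the probe and the traversal request are caught.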


SNORT AS A SNIFFER


Starting Snort to sniff the data on the network.


Pinging the server from the client and sniffing the data on the server with Snort.


Traffic dump for Linux using Snort


Output for the Snort sniffed data

Adding a preprocessor to the Snort config file to detect port scans.


Xmas scan using nmap


Alerts in the Snort log files for Xmas stealth scan activity.


Preprocessor to sniff Trojan activity (ettercap)


Creating the Snort config file to use the detection engine


Starting the Snort service with the detection engine


Using Internet Explorer to detect a directory traversal attack with Snort


Alert for the directory traversal attack in the Snort alerts file

Creating the rules in Snort to detect the SubSeven Trojan


Adding the SubSeven rules to the Snort config file


Starting the Snort service with the new SubSeven rule


Attacking the server with the SubSeven Trojan


Alert log for the SubSeven Trojan detection


SubSeven Trojan scenario on Linux


  • Login