
Post on 22-Dec-2015


Log Analysis and Intrusion Detection

By

Srikrishna Gudavalli

Venkata Naga Vamsi Krishna

Ravi Kiran Yellepeddy

Log Analysis (Windows and Linux)

What is log analysis?

A log records an event or process activity on the system in detail.

Examples:

• user authentication event log

• FTP authentication log

Setup for Log Analysis

• Application Log

Specific to a particular application.

e.g. MS Word, Windows Media Player

• Security Log

Records security-related events (logons, privilege use, audit policy changes).

• System Log

Logs all the system related activities.

Linux Auditing

• Sysklog

• Metalog

• logrotate

Basic Linux Auditing

Syslogd:

Records general activity reported by the kernel, the mail system, processes and remote logins.

Intrusion Detection Systems (IDS)

• What is an Intrusion Detection System (IDS)?

An Intrusion Detection System looks for attack signatures: specific patterns in traffic or logs that usually indicate malicious or suspicious intent.

Example : Snort

Steps to setup IDS

• Installation of snort

• Creation of Snort configuration files

• Creation of rules

• Testing of rules
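The two ideas on the preceding slides, signatures as patterns and the rule-creation and rule-testing steps, can be shown with a small signature engine. The following is an added example, not code from the presentation or from Snort: the packet records, rule ids and messages are constructed, and TCP/27374 is assumed to be the SubSeven default port. It applies three rules (Xmas flag combination, a directory traversal string in an HTTP request, a connection attempt to the assumed SubSeven port) to sample events and then runs a "testing of rules" check that every rule fires at least once and benign traffic stays quiet.

```python
"""Minimal signature-based detection: rules are patterns matched against events.

Added example (not from the original presentation). The event records,
rule ids and messages below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample of what a capture front end might hand to a detection
# engine: one dict per packet.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # benign: ping and an SSH connection attempt
    {"proto": "ICMP", "src": "10.0.0.5", "dst": "10.0.0.10", "payload": ""},
    {"proto": "TCP", "src": "10.0.0.5", "dst": "10.0.0.10", "dport": "22",
     "flags": "S", "payload": ""},
    # Xmas scan probe: FIN, PSH and URG set and nothing else
    {"proto": "TCP", "src": "10.0.0.7", "dst": "10.0.0.10", "dport": "80",
     "flags": "FPU", "payload": ""},
    # HTTP request carrying a directory traversal sequence
    {"proto": "TCP", "src": "10.0.0.8", "dst": "10.0.0.10", "dport": "80",
     "flags": "PA", "payload": "GET /../../etc/passwd HTTP/1.0"},
    # connection attempt to TCP/27374 (assumed SubSeven default port)
    {"proto": "TCP", "src": "10.0.0.9", "dst": "10.0.0.10", "dport": "27374",
     "flags": "S", "payload": ""},
]


@dataclass(frozen=True)
class Rule:
    sid: int                                   # signature id, as Snort numbers rules
    msg: str                                   # text written to the alert log
    match: Callable[[Dict[str, str]], bool]    # the pattern itself


def _tcp(ev: Dict[str, str]) -> bool:
    return ev.get("proto") == "TCP"


# "Creation of rules": each rule is one signature.
RULES: List[Rule] = [
    Rule(1000001, "SCAN nmap XMAS",
         lambda ev: _tcp(ev) and set(ev.get("flags", "")) == {"F", "P", "U"}),
    Rule(1000002, "WEB-MISC directory traversal attempt",
         lambda ev: _tcp(ev) and ev.get("dport") == "80"
         and re.search(r"\.\./", ev.get("payload", "")) is not None),
    Rule(1000003, "BACKDOOR SubSeven connection attempt",
         lambda ev: _tcp(ev) and ev.get("dport") == "27374"
         and "S" in ev.get("flags", "")),
]


def detect(events: List[Dict[str, str]], rules: List[Rule] = RULES) -> List[Dict[str, object]]:
    """Run every rule over every event; one alert per (event, rule) match."""
    alerts: List[Dict[str, object]] = []
    for ev in events:
        for rule in rules:
            if rule.match(ev):
                alerts.append({"sid": rule.sid, "msg": rule.msg,
                               "src": ev["src"], "dst": ev["dst"]})
    return alerts


def test_rules(rules: List[Rule] = RULES,
               events: List[Dict[str, str]] = SAMPLE_EVENTS) -> Dict[str, object]:
    """"Testing of rules": report how many alerts the sample produced and which
    rules never fired (a rule that never fires on its own test traffic is broken)."""
    alerts = detect(events, rules)
    fired = {a["sid"] for a in alerts}
    untested = [r.sid for r in rules if r.sid not in fired]
    return {"alerts": len(alerts), "untested_rules": untested}


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[1:{a['sid']}:1] {a['msg']} {a['src']} -> {a['dst']}")
    print(test_rules())
```

On the constructed sample the three attack events each raise exactly one alert and the two benign events raise none, so `test_rules()` reports no untested rules. The Xmas rule deliberately compares the whole flag set rather than checking for individual flags, otherwise an ordinary FIN/ACK would match it.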

Operation of Snort

Using Snort in Different Scenarios

• Ping

• nmap Scan Utility

• Subseven Trojan

• Telnet

• Internet Explorer

Snort as a Sniffer

Starting Snort to sniff the data on the network.

Pinging the server from the client and sniffing the data on the server with Snort.

Traffic dump on Linux using Snort.

Output of the data sniffed by Snort.

Adding a preprocessor to the Snort configuration file to detect port scans.

Xmas scan using nmap

Alerts in Snort log files for Xmas Stealth activity.

Preprocessor to sniff Trojan activity (ettercap).

Creating snort config file to use detection engine

Starting the snort service with detection engine

Using Internet Explorer to send a directory traversal request that Snort detects.

Alert for the directory traversal attack in the Snort alerts file.

Creating the rules in Snort to detect the SubSeven Trojan.

Adding the SubSeven rules to the Snort configuration file.

Starting the Snort service with the new SubSeven rule.

Attacking the server with the SubSeven Trojan.

Alert log for the SubSeven Trojan detection.
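The alert files shown on the slides above are themselves logs, so the "log analysis" part of the talk applies to them too. The following is an added example, not code from the presentation: it parses constructed lines written in the layout of Snort's fast-alert format (timestamp, `[**]`, `[gid:sid:rev]`, message, optional classification, priority, protocol, source and destination), skips anything that does not parse, and summarises which signatures fired, from which sources, and how many were priority 1. The sids, messages and addresses are made up; the ICMP line shows the case where no ports are present.

```python
"""Summarise Snort fast-alert lines: which signatures fired and from where.

Added example, not from the original presentation. The alert lines are
constructed to follow Snort's fast-alert layout; sids, messages and
addresses are made up for illustration.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed alert file. Line 3 has no Classification field, line 1 has no
# ports (ICMP), and the last line is junk that must be skipped.
SAMPLE_ALERT_FILE = """\
12/22-10:14:50.000100  [**] [1:1000004:1] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.10
12/22-10:15:32.100001  [**] [1:1000001:1] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.7:40001 -> 10.0.0.10:80
12/22-10:15:32.100457  [**] [1:1000001:1] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.7:40002 -> 10.0.0.10:443
12/22-10:16:01.221000  [**] [1:1000002:1] WEB-MISC directory traversal attempt [**] [Priority: 1] {TCP} 10.0.0.8:1039 -> 10.0.0.10:80
12/22-10:17:45.003210  [**] [1:1000003:1] BACKDOOR SubSeven connection attempt [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.9:1034 -> 10.0.0.10:27374
this line is not an alert and must be skipped
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"      # optional
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"         # ports absent for ICMP
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the fields of one fast-alert line, or None if it is not one."""
    m = ALERT_RE.match(line)
    return m.groupdict() if m else None


def parse_alert_file(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse every line, silently dropping lines that are not alerts."""
    alerts = []
    for line in text.splitlines():
        parsed = parse_alert(line)
        if parsed is not None:
            alerts.append(parsed)
    return alerts


def summarize(alerts: List[Dict[str, Optional[str]]]) -> Dict[str, object]:
    """Counts per signature and per source, plus the number of priority-1 alerts."""
    by_sig = Counter(a["msg"] for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    high = sum(1 for a in alerts if int(a["prio"]) == 1)
    return {"by_signature": dict(by_sig), "by_source": dict(by_src),
            "high_priority": high}


if __name__ == "__main__":
    parsed = parse_alert_file(SAMPLE_ALERT_FILE)
    for key, value in summarize(parsed).items():
        print(key, value)
```

Anchoring the pattern with `^` and `$` and returning `None` on a non-match keeps a truncated or foreign line from producing a half-filled record, which is the usual way a naive log parser miscounts.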

Subseven Trojan scenario on Linux
