Network intrusion detection systems
The aim of this activity is to demonstrate how a NIDS (network intrusion detection system, sometimes referred to simply as an IDS) is used to detect intrusions on a network.
What you will learn in this task
NIDS (network intrusion detection systems, sometimes referred to as IDS) monitor the packets sent and received on a designated network interface and detect threats targeting system vulnerabilities using signature-based detection and protocol analysis. When properly installed and configured, NIDS software can identify current attacks, malware infections, compromised systems, and network policy violations.
Snort can be used in a variety of scenarios to protect networks from cyber threats. Common use cases include:
- Detecting and blocking network attacks (e.g., DoS, DDoS, or domain attacks)
- Monitoring network traffic for suspicious activity
- Using Snort rule sets to detect known malware signatures
In this exercise, you will focus on using Snort, its initial configuration, and setting rules to detect DoS and DDoS attacks, as well as monitoring access to various websites. You can further refine and extend Snort rules to detect other types of network traffic and intrusions.
The tasks are:
- Checking Snort application settings
- Simple rule for capturing ICMP traffic
- Simulation and detection of DoS attacks
- Detection of DDoS attacks
- Detecting domain access
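As an added example (not part of the lab's own material), the following Snort 2.9-style rules in a `local.rules` file cover the detection tasks listed above: plain ICMP capture, ICMP-flood (DoS) and SYN-flood (DDoS) detection with `detection_filter`, and domain access seen in DNS queries and HTTP Host headers. It assumes `$HOME_NET` is defined in `snort.conf`; the count thresholds, SIDs and the domain `example.com` are constructed values to adjust for the lab network.

```snort
# Task: simple rule for capturing ICMP traffic.
# itype:8 = echo request, so every ping toward the monitored network raises an alert.
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request"; itype:8; sid:1000001; rev:1;)

# Task: simulation and detection of DoS attacks.
# detection_filter suppresses alerts until the same source sends 100 echo
# requests within 5 seconds (constructed threshold), so a single ping is quiet
# but a flood from one host is reported.
alert icmp any any -> $HOME_NET any (msg:"Possible ICMP flood (DoS) from one source"; itype:8; detection_filter:track by_src, count 100, seconds 5; sid:1000002; rev:1;)

# Task: detection of DDoS attacks.
# Tracking by destination instead of source catches many attackers hitting
# one target: 500 bare SYNs to the same web server within 5 seconds (constructed).
alert tcp any any -> $HOME_NET 80 (msg:"Possible SYN flood (DDoS) against web server"; flags:S; detection_filter:track by_dst, count 500, seconds 5; sid:1000003; rev:1;)

# Task: detecting domain access.
# DNS encodes names as length-prefixed labels: |07|example|03|com|00| is "example.com".
alert udp $HOME_NET any -> any 53 (msg:"DNS query for example.com"; content:"|07|example|03|com|00|"; sid:1000004; rev:1;)
# Plain HTTP carries the site name in the Host header of the client request.
alert tcp $HOME_NET any -> any 80 (msg:"HTTP access to example.com"; flow:to_server,established; content:"Host: example.com"; nocase; sid:1000005; rev:1;)
```

Validate the file with `snort -T -c /etc/snort/snort.conf` before running, and lower the count thresholds if the lab's simulated flood is slower than the values assumed here.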
Workstations available for the task
- User - OS Xubuntu
- Attacker - OS Ubuntu
Network diagram
The maximum time required for the lab task is 45 minutes.