Configuring IDS and Honeypots

Introduction

The Configuring IDS and Honeypots module provides you with the instruction and server hardware to develop your hands on skills in the defined topics. This module includes the following exercises:

• Install Snort
• Test Snort
• Configure and Re-Test Snort

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

• SY0-501 2.1: Install and configure network components, both hardware- and software-based, to support organizational security
• SY0-501 2.4: Given a scenario, analyze and interpret output from security technologies
• SY0-501 5.5: Summarize basic concepts of forensics.

Exercise 1 - Snort Installation

Snort is a portable intrusion detection system (IDS) for Windows and Linux operating systems. This tool is capable of capturing real-time network traffic analysis and perform packet logging on TCP/IP networks.

Exercise 2 - Test Snort

Snort is an open source intrusion detection system that can monitor and log the traffic in real time. With the help of signatures, it can respond to a number of threats.

Exercise 3 - Configure and Re-Test Snort

This exercise will consist of modifying the configuration files and then re-testing snort to confirm that it works.