From the course: Network Forensics
Intrusion and security events
- [Instructor] Examining network logs and searching for a series of related security events to detect an intrusion after a cybersecurity incident is a passive approach in network forensics. A more active way is to monitor network traffic in real time to catch attacks while they are underway. We call this more proactive method active intrusion detection. One of the well-known open source active intrusion detection systems, or IDSs, is Snort. Both Linux and Windows versions are available for installation. Once installed, Snort starts capturing packets and inspecting them for known attack data patterns, which we call signatures. Snort also supports both predefined and user-defined rules. Rules rely on the protocol a packet is associated with, where it originated from and where it is going, and are therefore different from signatures, which are unique fingerprints in packets. I have Snort installed on my Linux virtual machine. Before we do anything, let's check the details of our network interface card…
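The rule-versus-signature distinction the instructor draws is easiest to see by running it. The following Python block is an added illustration, not Snort's code and not part of the course: a toy matcher for a small subset of Snort's rule language (action, protocol, addresses, ports, and a `content:` option with Snort's `|hex|` notation), run over constructed packets. The three rules, their SIDs, and the packet samples are all made up for this example; option parsing splits on `;`, so it does not handle signatures that themselves contain a semicolon.

```python
"""Toy Snort-style rule matcher (added illustration, not Snort itself).

A Snort rule has two parts:
  - the HEADER: action, protocol, source/destination address and port
  - the OPTIONS: msg, sid, and optionally a content: signature (a byte pattern)
A packet must satisfy the header before its payload is checked for the signature.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed rule set for this example (hypothetical rules; SIDs >= 1000000 are
# the conventional space for locally written rules).
RULES = r'''
# action proto src sport -> dst dport (msg; content; sid; rev)
alert tcp any any -> 10.0.0.0/8 80 (msg:"cmd.exe requested over HTTP"; content:"cmd|2e|exe"; sid:1000001; rev:1;)
alert tcp any any -> any 22 (msg:"libssh client banner"; content:"libssh"; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"ICMP seen"; sid:1000003; rev:1;)
'''

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    sid: int
    content: Optional[bytes]  # signature bytes; None when the rule has no content option


@dataclass
class Packet:
    proto: str
    src: str
    sport: int   # 0 for protocols without ports (ICMP)
    dst: str
    dport: int
    payload: bytes = b""


def parse_content(text: str) -> bytes:
    """Convert a Snort content string to bytes: text outside |..| is literal, inside is hex."""
    out = b""
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return out


def parse_rule(line: str) -> Rule:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    opts = {}
    for opt in m["opts"].split(";"):          # simplification: no ';' inside values
        opt = opt.strip()
        if opt:
            key, _, val = opt.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    content = parse_content(opts["content"]) if "content" in opts else None
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                opts.get("msg", ""), int(opts["sid"]), content)


def load_rules(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def addr_matches(spec: str, ip: str) -> bool:
    """'any', an address, or a CIDR block, optionally negated with '!'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate


def port_matches(spec: str, port: int) -> bool:
    """'any', a single port, or a range 'lo:hi' (either bound may be omitted)."""
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")
    if not sep:
        return port == int(lo)
    return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)


def header_matches(rule: Rule, pkt: Packet) -> bool:
    """Rule header: protocol, where the packet came from and where it is going."""
    return (rule.proto in ("ip", pkt.proto)
            and addr_matches(rule.src, pkt.src) and port_matches(rule.sport, pkt.sport)
            and addr_matches(rule.dst, pkt.dst) and port_matches(rule.dport, pkt.dport))


def signature_matches(rule: Rule, pkt: Packet) -> bool:
    """Content signature: the fingerprint bytes must appear in the payload."""
    return rule.content is None or rule.content in pkt.payload


def scan(rules: List[Rule], packets: List[Packet]) -> List[List[int]]:
    """Per packet, the SIDs of rules whose header AND signature both match."""
    return [[r.sid for r in rules if header_matches(r, p) and signature_matches(r, p)]
            for p in packets]


# Constructed sample traffic (documentation address ranges, made-up payloads).
SAMPLE_PACKETS = [
    Packet("tcp", "192.0.2.5", 44321, "10.1.2.3", 80, b"GET /cmd.exe?/c+dir HTTP/1.1\r\n"),
    Packet("tcp", "192.0.2.5", 44322, "10.1.2.3", 8080, b"GET /cmd.exe?/c+dir HTTP/1.1\r\n"),
    Packet("tcp", "192.0.2.5", 50000, "198.51.100.7", 22, b"SSH-2.0-libssh_0.9.6\r\n"),
    Packet("icmp", "192.0.2.5", 0, "10.1.2.3", 0, b""),
    Packet("udp", "192.0.2.5", 5353, "10.1.2.3", 53, b"cmd.exe"),
]

if __name__ == "__main__":
    for pkt, sids in zip(SAMPLE_PACKETS, scan(load_rules(RULES), SAMPLE_PACKETS)):
        print(f"{pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  alerts={sids}")
```

The second sample packet carries the same `cmd.exe` signature as the first but goes to port 8080, so the rule header fails and no alert is raised; the fifth carries it over UDP and is likewise ignored. That is the practical difference the transcript describes: the signature is the fingerprint, the rule decides which traffic is even examined for it.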
Contents
- Network logs (3m 6s)
- Intrusion and security events (5m 2s)
- Network logs as evidence (3m 16s)
- Network logs and compliance (3m 12s)
- Audit logs (3m 28s)
- Firewall logs (4m 23s)
- syslog (6m 14s)
- syslog-ng (6m 31s)
- Kiwi Syslog Server (2m 39s)
- Microsoft Log Parser (4m 34s)