Intrusion Detection Systems (IDS) are another layer of security in today's computing environment. The main idea is to identify irregular behaviour (or a known attack), report it, and if possible preventing the resulting problems.
snort is an open source project, aimed at producing high quality IDS. The idea is to have some engine (snort) with rules which are updated as fast as possible (0 day - once the attack is known, a rule is usually issued within several hours).
In the lecture we shall cover the basic concepts behind IDS and snort. If time permits we shall look at a study case of a specific attack, the rule, and the way snort handles the event.
Lecture slides in Zipped post script
Back to the Club's homepage