IT 643 Lab 3: Using Snort IDS
Lab 3 Procedure
The following requirements must be met in order to set up this lab:
Virtual machine from Lab 1 (Ubuntu Linux 14.04 VM in either VMware or VirtualBox)
Internet access for adding packages to the install of Ubuntu
Logging In to VM
1. When Ubuntu starts, LightDM will show normal-user selected. Type in the password you used during the installation and press
2. Type
3. This will load a terminal for running commands. With the terminal open, update the operating system before continuing (do this even though you completed Lab 2). Type in the following to update and install security patches for Ubuntu:
4. Once the update is complete, click the gear in the top right corner, select Shut down, and then select Restart to reboot the system.
Installing the Snort Package
1. For the purposes of this lab we will use the Snort package that is included as an Ubuntu package. Open the terminal and run the following command to install Snort and Apache2, which will be used to demonstrate web detection.
2. Type snort -V to verify that Snort is installed correctly. The output in the terminal should look similar to the screenshot in Figure 1.
Figure 1: Screenshot of Snort Running a Version Check
3. Run the following command to test the Snort configuration.
4. Snort will start up and validate the configuration. The output will look similar to Figure 2.
Figure 2: Output From Snort Validate
Lab 3 Assignment
Using information similar to Hands-On Project 8-4 on pages 298–299 in our textbook, perform the following steps to explore Snort's logging function:
1. If necessary, open the terminal window in Linux. Type sudo snort -vd but do not press Enter yet.
2. Open a Web browser (the Firefox icon is on the Launcher Panel on the left). In the address bar type www.snhu.edu but do not press Enter yet.
3. Go back to the terminal window and press Enter. Then immediately go back to the Web browser window and press Enter.
4. Go back to the terminal window and press Ctrl+C quickly and examine the results.
5. Take a series of screenshots and paste them to a Word document to show your results. Submit these along with answers to the questions below.
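To help examine the results from step 4, the following added example (not part of the original lab handout) summarizes the packet headers that snort -vd prints and lists which TCP connections the browser opened. The sample output is constructed, and the names parse_packets and summarize are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout `snort -vd` prints; addresses are documentation ranges.
SAMPLE = """\
03/14-10:15:01.100001 192.0.2.10:40112 -> 192.0.2.53:53
UDP TTL:64 TOS:0x0 ID:4121 IpLen:20 DgmLen:58 DF
Len: 30
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/14-10:15:01.180002 192.0.2.10:51514 -> 198.51.100.7:80
TCP TTL:64 TOS:0x0 ID:4130 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x7210  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/14-10:15:01.230003 198.51.100.7:80 -> 192.0.2.10:51514
TCP TTL:52 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x5E6F7A8B  Ack: 0x1A2B3C4E  Win: 0x7120  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/14-10:15:01.231004 192.0.2.10:51514 -> 198.51.100.7:80
TCP TTL:64 TOS:0x0 ID:4132 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0x1A2B3C4E  Ack: 0x5E6F7A8C  Win: 0xE5  TcpLen: 20
47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A  GET / HTTP/1.1..
"""

ENDPOINT = r"(\d+\.\d+\.\d+\.\d+)(?::(\d+))?"          # IPv4 address, optional port
HEADER = re.compile(r"^\S+ " + ENDPOINT + r" -> " + ENDPOINT + r"$")
PROTO = re.compile(r"^(TCP|UDP|ICMP) TTL:")
FLAGS = re.compile(r"^([12UAPRSF*]{8}) Seq:")           # TCP flag column, e.g. ***AP***

def parse_packets(text):
    """Return one dict per packet header; payload dump and separator lines are skipped."""
    packets = []
    for line in map(str.strip, text.splitlines()):
        hdr, proto, flags = HEADER.match(line), PROTO.match(line), FLAGS.match(line)
        if hdr:
            packets.append(dict(zip(("src", "sport", "dst", "dport"), hdr.groups()),
                                proto=None, flags=None))
        elif packets and proto:
            packets[-1]["proto"] = proto.group(1)
        elif packets and flags:
            packets[-1]["flags"] = flags.group(1)
    return packets

def summarize(packets):
    """Count packets per (protocol, destination, port); a SYN without ACK opens a connection."""
    flows = Counter((p["proto"], p["dst"], p["dport"]) for p in packets)
    opened = [(p["dst"], p["dport"]) for p in packets
              if p["flags"] and "S" in p["flags"] and "A" not in p["flags"]]
    return flows, opened

if __name__ == "__main__":
    print(summarize(parse_packets(SAMPLE)))
```

In the constructed sample, the DNS lookup appears first as a UDP packet to port 53, followed by the TCP handshake and the HTTP request to port 80.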
Lab 3 Questions