Deploying IDS and IPS with Snort


Question 1

Snort can run as a packet sniffer, a packet logger, or a network intrusion detection system (NIDS). As a packet sniffer it reads every packet that crosses a given network interface and prints the headers (and, optionally, the payload) to the console, much like tcpdump. That is useful for troubleshooting, but it also shows why a sniffer is a sensitive tool: anything sent in the clear, such as credentials from an unencrypted login session, is visible to whoever runs it (Ptacek & Newsham, 1998).

As a packet logger, Snort writes the same packets to disk instead of, or as well as, the console, so that traffic can be kept and examined later once something suspicious is noticed. Finally, as a NIDS, Snort compares the traffic it sees against a rule set and raises an alert whenever a packet matches a rule (Mohan et al., 2008). Snort on its own does not detect or block anything: the rules the administrator loads, and the point in the network where the sensor is placed, decide which hosts and which threats are actually covered. Placed inline, in its IPS mode, it can also drop the matching packets rather than only alerting on them. It does not replace host-side controls such as antivirus or a firewall; it complements them with visibility into the traffic itself.

Question 2

Snort is valuable because it performs real-time protocol and traffic analysis, attack detection, and content matching and searching. It only does these things well when it is installed and configured correctly, so the administrator should follow the recommended steps in order. On Windows, the first step is to download and install the latest version of the Windows Packet Capture library (WinPcap), because Snort relies on it to read packets from the interface. Next, download and install the latest version of Snort itself; the installer presents a guided set of check boxes, one of which enables IPv6 support. Then download the rule set that fits the server (for example the official or community rules from snort.org) and point snort.conf at it: the rules are what tell Snort exactly what to look for and what to do when it finds it, and variables such as HOME_NET must describe the network the sensor protects or the rules will match the wrong hosts. Before relying on the sensor, check the configuration with snort -T -c snort.conf, which loads the rules and reports any errors without starting detection; only a clean test run means the application is properly configured and ready to start.

Question 3

When testing a Snort installation, one can choose either of the following approaches. The first is to pick one rule from the loaded rule set and generate traffic that should match it, from another host on the monitored network to the target host; if the alert appears, the sensor sees that network segment and the rule fires as intended. The second is to use a tool such as Metasploit to send genuine attack traffic against the target and check that Snort raises the corresponding alert. In either case the test should be run against a host one owns and that is not vulnerable to the attack being sent (patched, or not running the affected service), so that the test cannot cause damage: Snort matches the packets on the wire, not the outcome on the host. For example, launching the MS01-023 IIS ISAPI .printer exploit against such a host should produce a WEB-IIS ISAPI alert (the .printer access signature), which confirms that the application is properly configured (Mohan et al., 2008). One caveat: a rule that fires on a single clean exploit run does not prove the sensor would catch a fragmented or otherwise evasive version of the same attack (Ptacek & Newsham, 1998).
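The following is an added example and is not code from the original page, from the cited books, or from the Snort project. It is a small rule engine that parses simplified Snort-style rules, expands the variables an administrator would set in snort.conf (HOME_NET, EXTERNAL_NET, HTTP_SERVERS, HTTP_PORTS, whose values here are assumed), and runs them over constructed packet records, which is what the rule-selection step in Question 2 and the test procedure in Question 3 both rely on. The first rule is modelled on the classic "WEB-IIS ISAPI .printer access" signature but is simplified and carries a local sid; the packets are constructed here, not captured traffic. The rule syntax covered is the header with variables, negation (!) and comma-separated port lists, plus the msg, content, nocase, sid and rev options; real Snort rules support far more.

```python
"""Added example, not from the original page or the Snort project: a tiny rule
engine for simplified Snort-style rules, run over constructed packets."""
import ipaddress
import re
from dataclasses import dataclass, field

# Assumed snort.conf variable values for the monitored network.
SNORT_VARS = {
    "HOME_NET": "192.168.1.0/24",
    "EXTERNAL_NET": "!$HOME_NET",
    "HTTP_SERVERS": "$HOME_NET",
    "HTTP_PORTS": "80,8080",
}

# Constructed rules. The first is modelled on the classic "WEB-IIS ISAPI
# .printer access" signature (simplified, local sid); the second is a generic
# ICMP rule to show a rule without a content match.
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS '
    '(msg:"WEB-IIS ISAPI .printer access"; content:".printer"; nocase; '
    'sid:1000001; rev:1;)',
    'alert icmp any any -> $HOME_NET any (msg:"ICMP echo to HOME_NET"; '
    'sid:1000002; rev:1;)',
]

HEADER = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    options: dict = field(default_factory=dict)  # key:value options (msg, content, sid, ...)
    flags: set = field(default_factory=set)      # bare options (nocase, ...)


def _resolve(token, variables):
    """Expand $VAR references recursively, keeping a leading '!' negation."""
    if token.startswith("!"):
        return "!" + _resolve(token[1:], variables)
    if token.startswith("$"):
        name = token[1:]
        if name not in variables:
            raise ValueError(f"undefined snort.conf variable ${name}")
        return _resolve(variables[name], variables)
    return token


def parse_rule(text, variables=SNORT_VARS):
    """Parse one rule line; variables are expanded at load time, as Snort does."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    rule = Rule(m["action"], m["proto"],
                *(_resolve(m[k], variables) for k in ("src", "sport", "dst", "dport")))
    # Split the option list on ';' outside double quotes.
    for opt in re.findall(r'(?:[^;"]|"[^"]*")+', m["opts"]):
        opt = opt.strip()
        if not opt:
            continue
        key, sep, value = opt.partition(":")
        if sep:
            rule.options[key.strip()] = value.strip().strip('"')
        else:
            rule.flags.add(key)
    if "sid" not in rule.options:
        raise ValueError("rule has no sid: " + text)
    return rule


def _ip_matches(spec, ip):
    """'any', a CIDR/address, or a '!'-negated spec against one address."""
    if spec.startswith("!"):
        return not _ip_matches(spec[1:], ip)
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    """'any', a single port, a comma list, or a '!'-negated spec."""
    if spec.startswith("!"):
        return not _port_matches(spec[1:], port)
    if spec == "any":
        return True
    return port in {int(p) for p in spec.split(",")}


def rule_matches(rule, pkt):
    """Cheap header checks first, then the content search on the payload."""
    if rule.proto != pkt.proto:
        return False
    if not (_ip_matches(rule.src, pkt.src) and _port_matches(rule.sport, pkt.sport)
            and _ip_matches(rule.dst, pkt.dst) and _port_matches(rule.dport, pkt.dport)):
        return False
    content = rule.options.get("content")
    if content is None:
        return True
    needle, haystack = content.encode(), pkt.payload
    if "nocase" in rule.flags:
        needle, haystack = needle.lower(), haystack.lower()
    return needle in haystack


def detect(rule_texts, packets, variables=SNORT_VARS):
    """Return one (sid, msg, src, dst) alert per matching rule/packet pair."""
    rules = [parse_rule(t, variables) for t in rule_texts]
    return [(r.options["sid"], r.options.get("msg", ""), p.src, p.dst)
            for p in packets for r in rules
            if r.action == "alert" and rule_matches(r, p)]


# Constructed test traffic: an outside host probing the .printer extension, the
# same probe in upper case, the same probe from an inside host (EXTERNAL_NET
# excludes HOME_NET), a probe to a non-HTTP port, benign traffic, and an ICMP echo.
OUTSIDE, INSIDE, WEB = "203.0.113.5", "192.168.1.20", "192.168.1.10"
PROBE = b"GET /NULL.printer HTTP/1.0\r\nHost: " + WEB.encode() + b"\r\n\r\n"
SAMPLE_PACKETS = [
    Packet("tcp", OUTSIDE, 40001, WEB, 80, PROBE),
    Packet("tcp", OUTSIDE, 40002, WEB, 8080, PROBE.upper()),
    Packet("tcp", INSIDE, 40003, WEB, 80, PROBE),
    Packet("tcp", OUTSIDE, 40004, WEB, 443, PROBE),
    Packet("tcp", OUTSIDE, 40005, WEB, 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("icmp", OUTSIDE, 0, WEB, 0, b"\x08\x00ping"),
]

if __name__ == "__main__":
    for alert in detect(RULES, SAMPLE_PACKETS):
        print("[**] sid:%s %s  %s -> %s" % alert)
```

Running it raises the .printer alert for the two outside probes on HTTP ports and the ICMP alert, and nothing for the inside host, the port-443 probe or the benign request. The inside-host case is the one worth noticing when testing a sensor: if HOME_NET were left as "any", EXTERNAL_NET would match nothing and the .printer rule would never fire, so a test that generates the probe from the wrong side of the sensor proves nothing about the rule.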

Question 4

Some of the most important Windows command-line tools for an administrator running a Snort sensor include the following:

Ipconfig

This is the first command to reach for when troubleshooting IP problems. It shows each interface's IP address, subnet mask and default gateway, which is also what the administrator needs in order to pick the interface Snort should listen on.


Systeminfo displays the operating system configuration of the local machine or of a remote one. It gives the administrator the OS name and type, product ID, install date, last boot time and hardware details. To query a remote machine as a given user, the syntax is:

SYSTEMINFO /S system /U user

Tasklist and taskkill

Tasklist lists the processes currently running on the machine, the same view Task Manager gives, together with their process IDs. Taskkill ends one of them, selected either by image name (/IM) or by process ID (/PID).


This command saves the work done so far.


This lets the administrator quit once the task at hand is finished.


Mohan, K. et al. (2008). Chapter 4: Introducing Intrusion Detection and Snort. In How to Cheat at Securing Linux. Burlington, MA: Syngress Publishing Inc.

Ptacek, T.H. & Newsham, T.N. (1998). Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Technical report, Secure Networks, Inc.