Week 2 was about an early development phase, where I just installed the necessary software and played around to see what possibilities I have.
The plan was to:
– install Snort with a front-end interface and start playing with it to see what I can do. You can read a detailed walkthrough here. It took much longer than I expected, because of the lack of proper documentation for the acidbase software and things simply not working. This turned out to be a total waste of time, because it was too much of a hassle and I didn't accomplish anything.
– install already-made solutions out there that can provide inspiration for my development phase or can stop me from reinventing the wheel, thus saving time. It turned out that there are a few really interesting open-source projects that can be of use. The projects below resemble my idea, but not entirely:
- EasyIDS – http://sourceforge.net/projects/easyids/files/
- SmoothSec – http://sourceforge.net/projects/smoothsec/
- Network Security Toolkit – http://sourceforge.net/projects/nst/
- OSSIM – http://www.alienvault.com/open-threat-exchange/projects
– set up a test environment with a server/PC running Snort and a front-end solution, a hub and some machines that can generate traffic. I can get the traffic I need from another class that has a networking project running. Initially, I wanted to use a pfSense-powered machine that could mirror traffic from the network to me. I ran into more problems than I expected, but you can read about it here.
This is part of a series of blog posts that serve as my weekly log for my professional special subject project. It serves documentation purposes and is a nice way to present my work to the teachers. For further information about my work and what I've learned and did, follow the inbound/outbound links within these posts.