INTRUSION DETECTION: FROM DETECTION TO RESPONSE USING SNORT

Abstract

Modern corporate networks are targeted by attacks from the Internet. The consequences of cyberattacks can be devastating, including loss of business information, theft of money, the cost of repairing affected systems, and possible damage to an organization's reputation. With the right devices, security can detect suspicious traffic. With proper network security techniques in place, its security analysts get early warning of emerging problems. This research sought to explore and build a basic, robust system that could be used to distinguish between suspicious practices in network traffic. In my tests I tried: Discuss and analyze network traffic and gadget suspicious conspiracies. Analyze current techniques used to detect suspicious activity in network traffic. Development of systems to detect suspicious conspiracies in network traffic. Approve the proposed system. After review, the study plan was approved. The experiment was run in Virtual Box with Windows 7 and Snort and Metasploit's web GUI. Snort had the ability to intercept and report large packets sent to this machine. Network traffic was the subject of this study. Researchers sent packets over the network. Network traffic was analyzed using network security tools analyzed by researchers and selected for accessibility and similarity to each other for the desired deployment. By providing precise critiques of what network administrators at various organizations can identify as questionable practices within their networks, the research has resulted in significant improvements.