Changes between Version 2 and Version 3 of netsec2018snort


Timestamp:
Jun 4, 2018, 6:03:21 AM (6 years ago)
Author:
admin
Comment:

--

  • netsec2018snort

    v2 v3  
    1010Here you are going deploy a pre-installed Oracle Virtual Box machine and a linux GUI box to configure SNORT and do some testing.
    1111
    12 You may download two ova file from here1, here2.
     12== Setting up VM's ==
    1313
    14 Import them in to Oracle virtual box from File Import Appliance
     14 - You may download two ova file from here1, here2.
    1515
    16 While importing make sure of the following:
     16 - Import them in to Oracle virtual box from File Import Appliance
    1717
    18 Tick reinitialize the MAC address of all your network cards.
     18 - While importing make sure to Tick reinitialize the MAC address of all your network cards.
    1919
    20 Our lab network will be,
     20 - Our lab network will be,
    2121{{{
    2222---LAN or WiFi Your Host Machine  - - > Bridge Port -- - >ETH0 -- pfsense
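Review bot: v3 line 14 sends readers to two OVA downloads ("here1, here2") but gives nothing to verify them against, so please publish a SHA-256 checksum for each image next to the links and add a step to compare it before the import on line 16. The same line should read "two OVA files", and line 18 would read better as "make sure to tick 'Reinitialize the MAC address of all network cards'". Line 20 ("Our lab network will be,") introduces the diagram and is not a step, so it probably should not become a list item.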
     
    2626                                                        Linux Box  < - -
    2727}}}
     28
     29 - Please double check your vm network connections before powering on them.
     30
     31 - If all settings are satisfying, power on both Virtual Machines.
     32
     33
     34 == Network Setup ==
     35
     36Once they are booted go to your Linux Box and open the firefox browser.Go to https://192.168.1.1
     37
     38 - Default Credentials will be '''admin/pfsense'''
     39
     40 - You may change the WAN IP Address of your pfSense instance by visiting Interfaces > WAN
     41
     42 - Change IPv4 Configuration Type to Static IPv4.
     43 
     44 - Enter your WAN address according to the table.
     45
     46 - Add a new Gateway with the ip address 192.248.6.254
     47
     48 - Do the same for IPv6 configurations, your gateway will be 2401:dd00:…..
     49
     50At this point we may not change any LAN settings.
     51
     52== Snort ==
     53
     54Lab pfsense is pre-installed with snort with default settings. But if you need to install it in your own instance, go to Package Manager and Search for snort from Available Packages list and install.
     55
     56Once installed you can configure one of more instances of SNORT to run within pfSense. Each SNORT instance runs with individual settings and against a particular virtual interface.
     57
     58=== Launching Snort configuration GUI ===
     59
     60 - To launch the Snort configuration application, navigate to Services > Snort from the menu in pfSense.
     61
     62=== Setting up Snort package for the first time ===
     63
     64 - Click the Global Settings tab and enable the rule set downloads to use.
     65
     66 - Select '''Enable Snort GPLv2''' , '''Enable ET Open''', '''Enable OpenAppID''', '''Enable RULES OpenAppID'''
     67(If either the Snort VRT or the Emerging Threats Pro rules are checked, a text box will be displayed to enter the unique subscriber code obtained with the subscription or registration.)
     68
     69 - Once the desired rule sets are enabled, next set the interval for Snort to check for updates to the enabled rule packages. Use the Update Interval drop-down selector to choose a rule update interval. In most cases every 12 hours is a good choice.
     70
     71 - The update start time may be customized if desired.
     72
     73 - Finally '''Save''' the configurations.
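Review bot: v3 line 38 documents the default login '''admin/pfsense''', but no later step in this hunk tells students to change it, even though lines 40 to 46 go on to give the WAN interface a static address and gateway; add a step to set a new admin password immediately after the first login. Line 44 refers to "the table" for the WAN address and line 48 leaves the IPv6 gateway truncated as "2401:dd00:…..", and neither the table nor the full address appears in the added text, so include them or link to where they are kept. The parenthetical on line 67 about Snort VRT and Emerging Threats Pro subscriber codes follows a selection list on line 66 that enables neither of them; either drop it or say that those two rule sets are optional. Smaller points: "browser.Go" on line 36 is missing a space, line 56 has "one of more" for "one or more", and line 50 ("we may not change any LAN settings") is ambiguous between "must not" and "need not".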