IDS – Page 6 – WindowsTechs.com

anomaly detection based IDS implementation [closed]

Posted on January 13, 2021 by Eyal Elbaz

I’m trying to create an anomaly detection based IDS using the CSE-CIC-IDS2018 dataset. I have selected features and created an anomaly detection model, but I don’t know how to convert the traffic to the CSE-CIC-IDS2018 data type.
I thought… Continue reading anomaly detection based IDS implementation [closed]→

Snort3 IPS & TLS decryption [closed]

Posted on December 13, 2020 by droidus

I was reading some comments about an ids/ips being useless because a lot of traffic today is encrypted, and I thought that there must be some tools available for my home network that will allow me to decrypt local traffic, and to analyze i… Continue reading Snort3 IPS & TLS decryption [closed]→

Snort Inline Mode(IPS) Routing Packet Forwarding

Posted on December 5, 2020 by TheSoulkiller

I’d like to build an IPS which would be a seperate endpoint than the router and/or protected servers. To achieve this I’ve installed to my Ubuntu server Snort with DAQ(AFPACKET). The instructions I’ve used is here -> Snort 3.0.1 on Ubun… Continue reading Snort Inline Mode(IPS) Routing Packet Forwarding→

script encoder for IDS test

Posted on November 30, 2020 by t5j

Encoding a payload is a means of evading antivirus or IDS.
With regard to scripts is there a way to do the same thing?
For instance, is it possible to encode a python script in order test intrusion prevention systems?
This script here http… Continue reading script encoder for IDS test→

Help in Suricata rule bitmask syntax problem

Posted on October 4, 2020 by Khalid

I have written the following rule in my Suricata rules file:
alert tcp any any <> any any (flow:established; content:"|65|"; offset:0; depth:1; byte_test:1, =, 3, 2, bitmask 0x03; msg:"detected"; classtype:bad-unk… Continue reading Help in Suricata rule bitmask syntax problem→

Auto updating attack signature Firewall, WAF, IPS & IDS to secure Azure services?

Posted on September 15, 2020 by Senior Systems Engineer

We have a need to secure the Application Gateway and hundreds of APIs exposed to the Internet as part of our production environment. Using the existing built-in, Azure services, how to make it secure from unknown threats or 0-day attacks?
… Continue reading Auto updating attack signature Firewall, WAF, IPS & IDS to secure Azure services?→

is it bad to disconnect from a school on your school laptop

Posted on August 23, 2020 by SYANK LEGS

So i wanted to download roblox on my school laptop. it is blocked. is it bad to disconnect from your school?

Continue reading is it bad to disconnect from a school on your school laptop→

How would a companies like facebook, google and amazon approach the issue of data security in their data centers? [closed]

Posted on August 10, 2020 by Gilbert

Such companies handle data in terabytes and i would imagine firewalls would be a bottleneck. Do they even use firewalls? virtual firewalls? IPS systems?

Continue reading How would a companies like facebook, google and amazon approach the issue of data security in their data centers? [closed]→

PCI-DSS Level 1 requirement for Intrusion Detection and Prevention on AWS API Gateway and AWS Lambda

Posted on August 7, 2020 by simon

Our architecture is based on the best practices for PCI-DSS on AWS
Amazon WAF -> API Gateway -> AWS Lambda

The lambda’s are running within a VPC and the SG / Firewall and segmentation have been checked and approved.
We are also cent… Continue reading PCI-DSS Level 1 requirement for Intrusion Detection and Prevention on AWS API Gateway and AWS Lambda→

Analysis of network [closed]

Posted on July 20, 2020 by user238701

What should be looked at to analyze network security monitoring and/or IDS logs for any suspicious behavior and how to craft pattern matching scripts to look for those things when you have hundreds of thousands entries?

Continue reading Analysis of network [closed]→