Title: IDS Assessment
A company (Joe plc) has created a new Web infrastructure built around a Linux Web core. It runs a number of services, and the aim of the assignment is to perform an assessment of their Web system and implement an outline intrusion detection system to address the threats that they are worried about. The key tasks are thus:
Perform an evaluation of the key services within their infrastructure.
Develop and implement a strategy to detect the network scanning of their system.
Develop and implement a strategy to detect activity which involves the login of an administrator through Telnet or FTP.
Develop and implement a strategy to detect a malicious Bot agent (to be given).
The aim is to create a prototype which outlines how the system works. You should implement an agent-based system based on the requirements listed above, using one of: your own agent (using Winpcap and .NET or Java); a stand-alone version of Snort; or a graphical management system which interfaces to Snort (a mixture of Snort, Winpcap and .NET). Overall the alerts should be useful and, if possible, stored in a secure manner.
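As an added illustration that is not part of the original brief, the following Python sketch shows detection logic an agent could apply to the scanning and administrator-login tasks once packets have been captured and decoded. The thresholds, the administrator account names and the `Detector` interface are assumptions; packet capture itself (Winpcap or Snort) is outside the sketch.

```python
import re
from collections import defaultdict, deque

# Assumed values, not taken from the brief: thresholds and admin account names.
SCAN_PORTS, SCAN_WINDOW = 10, 5.0        # distinct ports from one source within N seconds
ADMIN_USERS = {"root", "admin", "administrator"}
IAC = re.compile(rb"\xff[\xfb-\xfe].", re.S)   # Telnet option negotiation (WILL/WONT/DO/DONT)

class Detector:
    def __init__(self):
        self.syns = defaultdict(deque)   # src -> (timestamp, dst port) of recent SYNs
        self.typed = {}                  # Telnet flow -> bytes typed before the first newline
        self.alerts = []                 # (timestamp, source, alert name)

    def feed(self, ts, src, sport, dport, flags, payload=b""):
        """Process one decoded client-to-server TCP segment; flags like 'S' or 'PA'."""
        if flags == "S":
            self._scan(ts, src, dport)
            if dport == 23:
                self.typed[(src, sport)] = b""      # new Telnet session: expect a login name
        elif dport == 21:
            for line in payload.splitlines():        # FTP control channel is line based
                verb, _, arg = line.strip().partition(b" ")
                if verb.upper() == b"USER" and arg.strip().lower().decode("latin-1") in ADMIN_USERS:
                    self.alerts.append((ts, src, "ftp-admin-login"))
        elif dport == 23 and (src, sport) in self.typed:
            self._telnet(ts, src, sport, payload)

    def _scan(self, ts, src, dport):
        recent = self.syns[src]
        recent.append((ts, dport))
        while recent and ts - recent[0][0] > SCAN_WINDOW:
            recent.popleft()                         # slide the time window
        if len({port for _, port in recent}) >= SCAN_PORTS:
            self.alerts.append((ts, src, "port-scan"))
            recent.clear()                           # one alert per burst

    def _telnet(self, ts, src, sport, payload):
        # Telnet clients often send one character per segment, so buffer per flow.
        buf = self.typed[(src, sport)] + IAC.sub(b"", payload)
        if b"\r" in buf or b"\n" in buf:             # first completed line is the login name
            name = re.split(rb"[\r\n]", buf)[0].strip().lower().decode("latin-1")
            del self.typed[(src, sport)]             # later lines include the password: ignore
            if name in ADMIN_USERS:
                self.alerts.append((ts, src, "telnet-admin-login"))
        else:
            self.typed[(src, sport)] = buf
```

The scan check counts distinct destination ports rather than raw SYNs, so a busy client repeatedly opening connections to one service does not trigger it; a scan slower than the window will also pass, which is the trade-off to tune.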
The Bot code can be downloaded from:
[url removed, login to view]
Note that the Bot code is not malicious in any way.