How to Perform Network Analysis using Wireshark, Snort, and SO

with JPolansky|4 years experience
- Language: English
- Category: Cybersecurity / Ethical Hacking
- Project length: 8h 26m
Performing network analysis is essential for securing networks, whether they are production systems or a home network. Common analytics tools such as the ELK stack allow advanced analysis of network traffic, which in turn supports the detection and prevention of network attacks. This series will cover setting up a monitoring environment, which is useful for any IT professional. The tools also make it possible to prevent certain cyber attacks, including automating the process of securing the network. In addition, thorough analysis of network data supports advanced threat detection, such as spotting network anomalies. This series will conclude by September.
Overview
How to analyze networks with Wireshark, Snort, and Security Onion tools
Project Introduction: The Network Analysis tutorial will cover the process of configuring, capturing, and analyzing network traffic with common free tools. These tools are Wireshark, Snort, and the Security Onion OS, which houses the ELK stack for network analytics. The network analysis covered will be a basic configuration that turns these tools into useful Intrusion Detection and Prevention systems on your small to medium-sized network.
What are the requirements?
- Operating system administration/configuration experience
- Basic command line experience
- A machine with 20 GB of storage and (ideally) 8 GB of memory
What is the target audience?
- Monitoring a home network
- A free solution to monitor a small or medium-sized network yourself
- Learning about network traffic and monitoring
- Learning about securing networks with IDS/IPS tools
- Practicing setting up an IT environment for network monitoring
When are the streaming sessions (streaming schedule)? COMPLETED
Project Outline
Overview and Technology Intro
- Overview of Project
- Overview of Network Analysis Topics
- Intro to Important Concepts
Session 1: Setting up environment
- Setting up Wireshark (WinPcap on Windows)
- Setting up Snort (snort.conf configuration, Windows changes)
- Setting up Security Onion Machine (basics)
Session 2: Tools and Sensors
- Capture Filters
- Display Filters
- Identifying potential alerts
Session 3: Tools and Sensors Part 2
- Filters/Rules
- IDS/IPS setup
Session 4: Production Mode Setup / Wireshark introduction
- Wireshark/Snort Tools
- ELK Stack Analytics
- Integration with Other systems
Session 5: Snort Rules
- Basics of Snort rules
- Important points to remember for writing rules
- Basic rule examples
Session 6: Wireshark In-depth
- More features of Wireshark
Session 7: Snort In-depth
- More Snort features
- Overview of important concepts
Session 8: Final Snort Demo
- Demo of concepts from session 7
- Wrap up