© 2015 IJEDR | Volume 3, Issue 1 | ISSN: 2321-9939 | IJEDR1501086 | International Journal of Engineering Development and Research (www.ijedr.org)

Intrusion Detection Systems with Snort

Rana M Pir, Lecturer, Leading University, Sylhet, Bangladesh

Abstract: Network-based technology and cloud computing are becoming more popular every day as enterprise applications and data move onto cloud or network-based platforms. Because of their distributed and easily accessible nature, these services are delivered over the Internet using well-known networking protocols, protocol standards and message formats, under the supervision of various management tools and programming languages. Bugs and vulnerabilities in the underlying technologies and legacy protocols open doors for intrusion, so attacks such as denial of service (DoS and DDoS), buffer overflows, sniffing attacks and application-layer attacks have become a common problem today. Recent security incidents and their analysis show that responding to such attacks manually is no longer feasible. Applications and platforms on the Internet face many kinds of attack every day. This paper discusses intrusion prevention and the IDS tools that are employed to detect these attacks, describes some open source tools for intrusion detection and prevention, and shows how such tools can be used in our own systems. Snort is an open source network intrusion detection system (NIDS) which is available free of cost. A NIDS is the type of intrusion detection system (IDS) that scans the data flowing on the network. There are also host-based intrusion detection systems, which are installed on a particular host and detect only attacks targeted at that host. Although intrusion detection is still a comparatively young field, Snort is ranked among the top-quality systems available today.
Index Terms: Intrusion detection system, advanced IDS techniques using Snort, Apache, MySQL, PHP and ACID

I. INTRODUCTION TO INTRUSION DETECTION AND SNORT

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies or standard security practices. Incidents have many causes: malware (e.g., worms and spyware), network and application attacks (denial of service, buffer overflows, sniffing and application-layer attacks), attackers gaining unauthorized access to systems from the Internet, and authorized users who misuse their privileges or attempt to gain additional privileges for which they are not authorized. As network attacks have increased in number and severity over the past few years, intrusion detection systems have become a necessary addition to the security infrastructure of most organizations. This paper is intended as a primer on intrusion detection, written for those who need to understand what security goals intrusion detection mechanisms serve, how to select and configure intrusion detection systems for their specific system and network environments, how to manage the output of such systems, and how to integrate intrusion detection with the rest of the organizational security infrastructure. Security is a major issue for every network in today's enterprise environment. Hackers and intruders have made many successful attempts to bring down high-profile company networks and web services. Many methods have been developed to secure the network infrastructure and communication over the Internet, among them firewalls, encryption and virtual private networks.
Intrusion detection is a relatively new addition to such techniques; intrusion detection methods started appearing only in the last few years. Using intrusion detection methods, you can collect information about known types of attack and find out whether someone is trying to attack your network or particular hosts. The information collected this way can be used to harden your network security as well as for legal purposes. Both commercial and open source products are now available for this purpose. Many vulnerability assessment tools are also on the market that can be used to assess the different kinds of security holes present in your network. A comprehensive security system consists of multiple tools, including:

II. TYPES OF ATTACKS

Denial-of-Service (DoS) attacks: an attempt to prevent authorized users from using a requested service or resource. A distributed denial of service (DDoS) attack is the more advanced form, in which the attacker floods the server or target system with connection requests sent from many distributed machines, bringing the target to its knees and often leaving its operators no option but to restart the system. Some well-known DoS attacks are:

SYN attack, where the attacker exploits the server's limited capacity for unfinished (half-open) connection requests. The server is flooded with SYN packets whose handshakes are never completed; while it waits for the final acknowledgments, its backlog of half-open connections fills up and legitimate connection attempts are refused or time out.

Ping of Death, where the attacker sends a ping whose fragments reassemble to more than 65,535 bytes, the maximum size of an IP datagram, causing a vulnerable system to crash or restart.

Logon abuse attacks: a successful logon abuse attack bypasses the authentication and access control mechanisms and grants a user more privileges than authorized.

Application-level attacks: the attacker exploits a weakness in the application layer, for example a security weakness in the web server or faulty input filtering on the server side. Examples include malicious software (viruses, Trojans, etc.), web server attacks and SQL injection.
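To make the two network-level DoS attacks above concrete as detection logic, here is an added example (not code from the paper or from Snort itself) that runs over a constructed packet log: one detector counts half-open TCP connections per destination, the way a SYN flood shows up to a NIDS, and the other tracks ICMP fragments and flags any datagram that would reassemble past the 65,535-byte IPv4 limit, the Ping of Death condition. The packet dictionary format, the sample addresses, the thresholds and the IP_HEADER_LEN of 20 bytes (no options) are all assumptions made for the illustration.

```python
"""Added example (not from the paper or from Snort): two small detectors for
the DoS attacks described above, run over a constructed packet log.  A SYN
flood shows up as half-open TCP connections piling up at one destination; a
Ping of Death shows up as ICMP fragments that would reassemble to more than
IPv4's 65,535-byte maximum datagram size."""
from collections import defaultdict

IP_MAX_LEN = 65535      # largest IPv4 datagram (16-bit total-length field)
IP_HEADER_LEN = 20      # assumed header size without options


def syn_flood_check(packets, threshold=5, window=10.0):
    """Return {dst: half_open} for destinations holding at least `threshold`
    half-open connections (SYN seen, no completing ACK from the same source)
    whose SYN arrived within `window` seconds of the newest packet.

    Each packet is a dict: ts, src, dst, proto ('tcp'/'icmp') and, for TCP, a
    set of flag letters ('S', 'A', ...).  Constructed format, not pcap.
    """
    if not packets:
        return {}
    pending = {}                      # (src, dst) -> timestamp of the SYN
    for p in sorted(packets, key=lambda p: p["ts"]):
        if p["proto"] != "tcp":
            continue
        key = (p["src"], p["dst"])
        if "S" in p["flags"] and "A" not in p["flags"]:
            pending[key] = p["ts"]    # first packet of a handshake
        elif "A" in p["flags"] and key in pending:
            del pending[key]          # third packet: handshake completed
    latest = max(p["ts"] for p in packets)
    half_open = defaultdict(int)
    for (_src, dst), ts in pending.items():
        if latest - ts <= window:
            half_open[dst] += 1
    return {dst: n for dst, n in half_open.items() if n >= threshold}


def ping_of_death_check(packets):
    """Return [(src, dst, ip_id, reassembled_len)] for ICMP datagrams whose
    fragments claim a reassembled size above IP_MAX_LEN.  ICMP packets carry
    ip_id, frag_offset (in 8-byte units, as on the wire) and payload_len."""
    payload_end = {}                  # (src, dst, ip_id) -> highest byte seen
    for p in packets:
        if p["proto"] != "icmp":
            continue
        key = (p["src"], p["dst"], p["ip_id"])
        end = p["frag_offset"] * 8 + p["payload_len"]
        payload_end[key] = max(payload_end.get(key, 0), end)
    return [(s, d, i, IP_HEADER_LEN + n)
            for (s, d, i), n in payload_end.items()
            if IP_HEADER_LEN + n > IP_MAX_LEN]


# Constructed packet log: six spoofed SYNs to 10.0.0.5 that are never
# completed, one normal three-way handshake, one ordinary ping and one
# fragmented ping whose last fragment ends far beyond 65,535 bytes.
SAMPLE_PACKETS = [
    *({"ts": 0.1 * i, "src": f"198.51.100.{i}", "dst": "10.0.0.5",
       "proto": "tcp", "flags": {"S"}} for i in range(1, 7)),
    {"ts": 1.0, "src": "192.0.2.10", "dst": "10.0.0.5", "proto": "tcp", "flags": {"S"}},
    {"ts": 1.1, "src": "10.0.0.5", "dst": "192.0.2.10", "proto": "tcp", "flags": {"S", "A"}},
    {"ts": 1.2, "src": "192.0.2.10", "dst": "10.0.0.5", "proto": "tcp", "flags": {"A"}},
    {"ts": 2.0, "src": "192.0.2.10", "dst": "10.0.0.5", "proto": "icmp",
     "ip_id": 1, "frag_offset": 0, "payload_len": 64},
    *({"ts": 3.0 + 0.01 * k, "src": "203.0.113.7", "dst": "10.0.0.5", "proto": "icmp",
       "ip_id": 0x1234, "frag_offset": off, "payload_len": ln}
      for k, (off, ln) in enumerate([(0, 1480), (185, 1480), (8100, 1000)])),
]

if __name__ == "__main__":
    print("SYN flood suspects:", syn_flood_check(SAMPLE_PACKETS))
    print("Ping of Death suspects:", ping_of_death_check(SAMPLE_PACKETS))
```

Snort expresses the same two ideas differently: a SYN-flood rule would match packets with only the SYN flag set and use a rate keyword (detection_filter, tracked by destination) to alert only above a count per interval, while oversized fragments are caught by its fragment-reassembly preprocessor rather than by a rule. The Python above simply makes that logic visible on sample data; a real deployment would also expire pending SYNs as they age rather than only at the end of the capture.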