Network Intrusion Detection Appliance

Snort Network Intrusion Detection Appliance

Description

What does this appliance do?
This appliance is designed to alert a system security professional of intrusion attempts on the network segment on which the appliance is installed.
Alerts must be monitored using the BASE (Basic Analysis and Security Engine) Web Console.
The monitoring web console is available at https://applianceIP/base. Username: base Password: base

Intended audience:
This appliance is intended for use by advanced systems security professionals with in-depth knowledge of network intrusion detection. This appliance in no way provides user training or help with respect to the CentOS operating system, TCP/IP network protocol, or network security.

What are the benefits?
Allows security administrators to monitor potential attacks on the network.

How was the appliance built?
CentOS 4.0 installed with minimum software necessary for functionality
OS was updated with latest patches and updates
Running Services: httpd, mysqld, cron (cron daemon updates Snort rules daily)
Snort, PCRE, ADODB, BASE, and OinkMaster downloaded, installed, and configured
cron job defined to update Snort rules using OinkMaster every day at 5:30 AM
Management Network Interface (eth0)
IP Address: 10.1.4.51
Subnet: 255.255.255.0
Gateway: 10.1.4.254
Hostname: pig.vm
Username: root
Password: vmchallenge
Username: snort
Password: skydeve85

Instructions to start using the appliance:
Modify the NIC configuration at /etc/sysconfig/network-scripts/ifcfg-eth?, where ? is the NIC you wish to modify.
Example:
DEVICE=eth?
BOOTPROTO=none
HWADDR=00:AA:11:BB:22:CC
ONBOOT=yes
TYPE=Ethernet
HOSTNAME=pig.domain.com
IPADDR=11.22.33.44
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
GATEWAY=11.22.33.254
IPV6INIT=no

Plug the promiscuous NIC into the DMZ.
Plug the NIC with the IP address into the Management Network. The management network is a separate subnet/VLAN set aside to manage the Snort sensor.

Monitor alerts using https://IPAddr/base
Username: base
Password: base

Manage the sensor using SSH.
Username: root
Password: vmchallenge

Names of licensed operating systems & applications:
CentOS 4.0, GNU General Public License
Snort 2.4.3, GNU General Public License
Apache 2.0.52, GNU General Public License
PHP 4.3.9, GNU General Public License
MySQL 14.7, GNU General Public License
BASE (Basic Analysis and Security Engine) 1.2, GNU General Public License
PCRE 5.0, GNU General Public License
ADODB 4.62, GNU General Public License
OinkMaster 1.2, GNU General Public License

Last updated: 10/27/2006

Operating system: CentOS v4.0

Applications installed:
Snort 2.4.3, GNU General Public License
Apache 2.0.52, GNU General Public License
PHP 4.3.9, GNU General Public License
MySQL 14.7, GNU General Public License
BASE (Basic Analysis and Security Engine) 1.2, GNU General Public License
PCRE 5.0, GNU General Public License
ADODB 4.62, GNU General Public License
OinkMaster 1.2, GNU General Public License

VMware Tools installed: No

Size: 428 MB
Torrent available: Yes

Primary account
Username: root
Password: vmchallenge

Submitted by: sboudreaux


Download link provided by the submitter, not VMware.