hands-on lab

Using Snort to Detect a Brute Force Hydra Attack

Intermediate
2h
Lab description

pfSense is a FreeBSD-based router/firewall that can be extended with plugin modules to support network operations and to defend a network from malicious behaviour. One such module is Snort, an IDS/IPS.

Snort monitors network traffic on the router and attempts to match behavioural patterns and signatures against a set of rules that the admin configures. The admin can use rulesets produced by various companies, but these must be paid for; alternatively, they can use the community ruleset, which the Snort community contributes to. It is not the most robust or honed ruleset, but it is free to use.

Admins can also configure custom rules if the ruleset they are employing does not alert the security team to certain attacks.

The community ruleset is still rather large, with over 1200 individual rules designed to detect malicious behaviour.

You will conduct a dictionary attack on the Metasploitable DVWA using Hydra and Burp Suite in Kali Linux, and attempt to detect it on the router using Snort and the community ruleset. You will then assess whether this ruleset catches the attack and create a custom rule if required.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Demonstrate to delegates how Snort, its community ruleset and custom rules can be used to detect malicious behaviour on a network guarded by a pfSense router/IDS

Intended Audience

This lab is intended for:

  • Cyber and network security specialists

Prerequisites

You should possess:

  • A basic understanding of Windows operating system environments

About the author

QA, Training Provider

Students: 49,117 | Labs: 182 | Courses: 2,311 | Learning paths: 47

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.

Lab steps

  • Starting the Cyber Network Security Lab Exercise