Dec 30, 2024  
2018-2019 Course Catalog [ARCHIVED CATALOG]

CVF 2200 - Advanced IDS Techniques Using SAMPA (Snort, Apache, MySQL, PHP, and ACID)

Credits: 4
Hours/Week: Lecture 4 Lab None
Course Description: This course addresses the issues associated with open source LAMP (Linux, Apache, MySQL, PHP) stacks with a focus on security and Intrusion Detection Systems (IDS). Topics include the installation, configuration, and management of LAMP resources, Snort IDS, ACID and Zenoss threat-analysis software, and other IDS-related tools, as well as the practical test firing of IDS resources.
MnTC Goals
None

Prerequisite(s): CVF 1065 and CVF 1085 with a grade of C or higher OR instructor consent. System administration experience on Microsoft Windows or Linux operating systems.
Corequisite(s): None
Recommendation: None

Major Content
  1. Introduction to Linux, Apache, MySQL and PHP (LAMP) Stacks.
    1. Introduce students to LAMP stacks.
    2. Explain the common purposes and uses of LAMP stacks.
    3. Create a virtual CentOS Linux server, set up Apache and create a test page.
    4. Create virtual Ubuntu (Windows Available) client.
  2. Introduction to JavaScript.
    1. Introduction to JavaScript (JS) with examples.
    2. Work with students to implement JavaScript to create more dynamic pages.
    3. Show students how to utilize JS to prepare data to be passed to DB via PHP.
  3. Further work with JavaScript.
    1. Begin creating test pages which handle logins, authentications and database data display utilizing JS and PHP scripting.
    2. Error check input data using JS and/or PHP.
  4. Introduce Cross-Site Scripting (XSS) attacks.
    1. Introduction to XSS passive and persistent injection attacks.
    2. Demonstrate passive/persistent XSS attacks using prepared web pages.
    3. Work with students in executing XSS attacks against prepared web pages.
  5. Introduce SQL Injection attacks.
    1. Introduction to SQL injection database attacks.
    2. Demonstrate SQL Injection against prepared database/web pages.
    3. Work with students in executing SQL Injection against prepared database/web pages.
  6. Further XSS/SQL Injection analysis.
    1. Work with students to further analyze web pages for vulnerabilities.
    2. Execute more prepared attacks for familiarization.
  7. Encompass concepts.
    1. Work with students in creating a web site which encompasses studied concepts such as scripting, data assurance, security, database architecture and user input security.
  8. Introduction to Intrusion Detection Systems (IDSs) and Snort
    1. Introduction to IDSs implementing Snort.
    2. Explore various network implementations and capabilities/uses of IDSs utilizing Snort.
  9. Installing and Configuring Snort
    1. Install Snort and all required dependencies.
    2. Teach students to compile and install many of the required Snort dependencies from source.
  10. Configure lab LAMP stack for basic web server functionality.
    1. Examine various Apache configuration settings.
    2. Configure various network and management options for LAMP stack.
    3. Use virtual client to access test page and verify base functionality of LAMP stack.
    4. Install MySQL and PHP.
  11. Further configure lab LAMP stack for full LAMP web server functionality.
    1. Configure MySQL database, prepare for use.
    2. Install and configure PHPMyAdmin for database administration.
    3. Have students configure MySQL databases and explain architecture of MySQL databases.
  12. Create simple PHP pages for database interaction.
    1. Work with students to create a simple PHP web page that executes a simple database query.
    2. Explore with students basic HTML web page creation.
    3. Teach students various common SQL queries using PHPMyAdmin and a simple PHP page.
  13. Further develop test PHP pages utilizing more SQL queries.
    1. Walk students through further PHP page scripting, explore common scripting concepts.
    2. Create PHP web page(s) and execute further SQL queries using created PHP pages.
    3. Explore semi-dynamic page content display using PHP and SQL queries.
  14. Examine local files, processes and services running on the LAMP stack and how to ensure uptime.
    1. Teach students how to utilize cron jobs to back up databases and ensure service uptime.
    2. Examine server management options and how to securely configure said options.
  15. Sensitive data handling.
    1. Work with students on preparing a registration/login page in PHP which utilizes a database.
    2. Explore data hashing and encryption with students for secure database storage of user data.
    3. Go over various user authentication techniques such as LDAP, cookies, sessions, etc.
  16. Working with Snort rules
    1. Introduce students to Snort rules and their implementation.
    2. Touch on the "enterprise" rule service and work with students to update and configure rules provided from the Snort website.
  17. Configuring plugins, pre-processors and output modules.
    1. Configuring and implementing Snort plugins, pre-processors and output modules.
  18. Working with Snort+MySQL
    1. Install and configure Snort plus dependencies for use with a MySQL database.
  19. Snort Data Analytics
    1. Introduce Snort log analytic web frameworks such as ACID, SnortSnarf and Zenoss Core.
    2. Touch on each program’s purpose, capabilities and advantages.
  20. Miscellaneous Tools / Techniques
    1. Introduce students to various tools which would be beneficial for use in an IDS environment.
    2. Go over various deployment strategies of IDS sensors.
    3. Focus on log file collection and analytics (syslog, SNMP, etc.).
  21. Snort Data Analytic Software ICM
    1. Install, configure and manage analytical software for use with Snort logs.
  22. Test Fire IDS Systems
    1. Prepare an IDS in a virtualized small office network environment.
    2. Employ various malicious network activities to test fire IDS systems and examine differing alerting techniques and automated responses.

Learning Outcomes
At the end of this course students will be able to:

  1. configure and manage server network information and a simple database-interactive PHP page.
  2. create and use PHP web pages to execute SQL queries and display the resulting information.
  3. demonstrate practical knowledge of SQL queries.
  4. demonstrate practical knowledge of common website exploits (SQL Injection, XSS, etc.).
  5. install and configure Apache, MySQL, PHPMyAdmin and PHP.
  6. install and configure a Linux server.
  7. manage MySQL database structure (create and modify multiple databases/tables) using PHPMyAdmin.
  8. analyze an exploited LAMP stack.
  9. analyze web pages/web servers for exploit vulnerabilities and possible attack vectors.
  10. conduct SQL Injection, XSS and other common attacks against web pages.
  11. implement IDS analytics software.
  12. install and configure Snort for use with MySQL.
  13. install, configure and manage Snort + dependencies.
  14. manage Snort plugins and rules.
  15. manage and configure LAMP stack critical local files, services and processes.

Competency 1 (1-6)
None
Competency 2 (7-10)
None