IDS SAX2 2'0

1
IDS (SAX2 2.0)

• Jarrod Williams
• Oluwole Awosanya
• Vishnu Pabbathi

2
Overview

• Introduction
• What it Sax 2 2.0 does
• Types of threats sax2 2.0 detects
• Why use Sax 2 2.0?

3
Overview

• Advantages
• How to install Sax 2 2.0
• Screen shots
• Lab Demo

4
(No Transcript)
5
Overview

• Where to download it.
• Conclusion
• References

6
Introduction

• Sax2 2.0
• Ax3soft Sax2 is a professional intrusion
  detection and response system that performs
  real-time packet capturing, 24/7 network
  monitoring, advanced protocol analyzing and
  automatic expert detection.

7
What Sax2 2.0 does

• Network host based IDS
• Checks host networks for vulnerabilities and
  signs of hacker activity
• Monitors network traffic to host machines
• Keeps logs of host traffic
• Isolates and solves network problems such as
  bottlenecks and bandwidth use

8
Types of threats it detects

• Hackers
• Packet sniffers
• Packet loggers
• Port scanning
• Probing
• DOS attacks

9
Why use Sax2 2.0?

• Network Manager detects network attacks, finds
  infected machines, counts network traffic, finds
  network vulnerability.
• Security Manager browses the specific content of
  network transmission, analyzes network anomalies,
  realizes potential security risks in network.

10
Why use Sax 2 2.0? (contd.)

• Security adviser analyzes network transmission,
  locates network security vulnerabilities,
  optimizes network performance. 

11
Advantages

• Free
• Stability
• Support 24/7 assistance from highly qualified
  engineers 
• Easy to use

12
How to Install Sax 2 2.0
13
Screen shots
14
Security policy Screen shots
15
Policy screen shot
16
Main Screen Shot
17
Where to find Sax 2 2.0

• www.saxproject.org/sax2.0
• www.sourceforge.net/projects.sax/sax2.0
• www.snort.org/sax2.0

18
Lab Demo

•      Open Sax2 2.0
• 1.      In the Top Menu go to Detection (D)
• 2.      In the general option you will have a
  default setting Packet Size/Buffer 4096 Bytes
  Max Interval Between Read Packets 1000
  Millisecond
• 2.      Click On The Options Icon. It Opens Up
  Different Settings/schemes View Responses
  Analysis
• o        In The Analysis Module Folder Menu,
  Explore different Analyzer settings for the
  various protocols.
• o        Go To The HTTP Analyzer Branch, double
  click and then click the cursor over yes, in
  the box right of enable.
• o        Change The Setting to NO
• o        Then Apply, then click OK
• Finally, Click on Start, In between
  Save/Stop.
•  3.      Now Open up your web Browser, Click on
  various web sites and do some surfing. Then
  switch/tab back to Sax2 2.0.
•   The Statistical Data should be 0 in every
  category.

19
Conclusion

• Sax2.0 intrusion detection system has proven to
  be an effective security tool to protect against
  computer vulnerabilities such as hackers,
  viruses, and many other computer threats.

20
References

• Network Defense and Countermeasures Principles
  and Practices, Chuck Easttom. Prentice Hall,
  2006.
• Appendix B. SAX 2.0 Features and Properties,
  OReilly. http//www.unix.com.ua/orelly/xml/jxml/a
  ppb_01.htm, 2002. 
• www.sourceforge.net/projectssax2.0

21
Questions

• ??????????????????????????????????????????????????
  ??????????????????????????????????????????????????
  ??????????????????????????????????????????????????
  ??????????