My research plan for the 2011 – 2012 school year is to focus on the deployment and maintenance of the open source network intrusion prevention and detection (IDS/IPS) system, Snort.
My projected outline for research at this time looks like the following:
1. Deploy a configuration of Snort on either a Windows or Ubuntu system.
2. Work towards understanding the possibilities and configurations of running Snort in IDS mode.
3. Learn the Snort rule format and write custom rules for Snort. Have the ability to identify what a rule does ‘at a glance’.
4. Use Snort’s ability to interface with outside systems such as a firewall.
Here is a model of the network I am deploying:
As of the most recent update (9/16/2011):
All machines are running in the virtual environment, and have been updated to the latest patches.
The next step is to network the boxes together virtually in our vSphere deployment.