Text content of Lab Exercise Guide Module 3 rev1.pdf
Lab Exercise Guide
Bootcamp for Managing Security Device

Lab Exercise Title: Deploying and Testing Intrusion Detection and Prevention System with Suricata

Lab Duration: 3–4 hours

Objective:
This lab is designed to familiarize participants with the deployment and configuration of Suricata as both an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) in a Linux-based environment. Participants will go through the steps of installing Suricata, configuring rule sets, updating detection sources, and validating threat detection using both test patterns and simulated traffic. The lab also emphasizes the ability to switch Suricata from passive (IDS) mode to active (IPS) mode, enabling real-time packet inspection and blocking. Through hands-on tasks such as creating custom rules and analyzing JSON-formatted alerts, participants will gain practical experience in network-based threat monitoring and active response, strengthening their capability to defend against unauthorized access and attacks in real-world scenarios.

Prerequisites:
● Lab Setup
● VM: Ubuntu, Suricata
● Software: VirtualBox

Resource:
● -

Step-by-step:
● Access your lab via SSH (Command Prompt or another SSH client).

Task 1: Install Suricata
● Open the terminal.
● Add the Open Information Security Foundation's (OISF) repository to the Ubuntu machine:
    sudo add-apt-repository ppa:oisf/suricata-stable
● Press Enter when prompted to confirm adding the repository.
● Press Ctrl+W, search for "af-packet", and verify that the interface matches your network interface. If it does not, change it to the correct interface. In this example, as previously noted, the network interface is ens4.
● Press Ctrl+W, search for "default-rule-path", and verify that the path is:
    /var/lib/suricata/rules
● Configure live rule reloading, which lets you add, remove, and edit rules without restarting the Suricata service. Scroll to the last line in the editor and type the following (a YAML block with one list item):
    detect-engine:
      - rule-reload: true
● Save and exit the text editor by pressing, in order: Ctrl+O, Enter, Ctrl+X.
● Notify the Suricata process to reload its rulesets without restarting the process, then restart the Suricata service with the following command:
    sudo systemctl restart suricata.service
● Check the suricata.service status:
    sudo systemctl status suricata.service
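The three settings checked in this task (the af-packet interface, default-rule-path, and the detect-engine rule-reload flag) can be verified from the command line instead of by eye in the editor. The following POSIX shell script is an added example, not part of the lab guide or of the Suricata project; it assumes the interface name ens4 and the rule path /var/lib/suricata/rules used above, and the sample suricata.yaml it writes is a constructed stub containing only the keys inspected, not a real Suricata configuration.

```shell
#!/bin/sh
# Added example (not from the lab guide): verify the suricata.yaml settings
# edited in this task without opening an editor. Keys, interface name and
# rule path are assumptions taken from the lab text; adjust for your host.

# Print the interface of the first entry under the top-level "af-packet:" key.
afpacket_interface() {
  # $1 = path to suricata.yaml
  awk '
    /^af-packet:/ { in_af = 1; next }
    in_af && /^[^[:space:]]/ { in_af = 0 }
    in_af && /interface:/ {
      sub(/.*interface:[[:space:]]*/, ""); gsub(/[[:space:]]+$/, ""); print; exit
    }' "$1"
}

# Print the value of the top-level "default-rule-path:" key.
default_rule_path() {
  awk '/^default-rule-path:/ { print $2; exit }' "$1"
}

# Exit 0 if a "detect-engine:" block contains "rule-reload: true", else 1.
rule_reload_enabled() {
  awk '
    /^detect-engine:/ { in_de = 1; next }
    in_de && /^[^[:space:]-]/ { in_de = 0 }
    in_de && /rule-reload:[[:space:]]*true/ { found = 1 }
    END { exit found ? 0 : 1 }' "$1"
}

# Check all three settings; report each and return 1 if any check fails.
check_suricata_config() {
  # $1 = config path, $2 = expected interface, $3 = expected rule path
  cfg=$1; want_if=$2; want_path=$3; rc=0
  got_if=$(afpacket_interface "$cfg")
  if [ "$got_if" = "$want_if" ]; then
    echo "OK   af-packet interface is $got_if"
  else
    echo "FAIL af-packet interface is '$got_if', expected $want_if"; rc=1
  fi
  got_path=$(default_rule_path "$cfg")
  if [ "$got_path" = "$want_path" ]; then
    echo "OK   default-rule-path is $got_path"
  else
    echo "FAIL default-rule-path is '$got_path', expected $want_path"; rc=1
  fi
  if rule_reload_enabled "$cfg"; then
    echo "OK   detect-engine rule-reload is true"
  else
    echo "FAIL detect-engine rule-reload is not enabled"; rc=1
  fi
  return $rc
}

# Write a constructed sample config (only the keys inspected above) to $1.
write_sample_config() {
  cat > "$1" <<'EOF'
%YAML 1.1
---
default-rule-path: /var/lib/suricata/rules
rule-files:
  - suricata.rules
af-packet:
  - interface: ens4
    cluster-id: 99
detect-engine:
  - rule-reload: true
EOF
}

# Usage on a real host: sh check_suricata.sh /etc/suricata/suricata.yaml ens4 /var/lib/suricata/rules
if [ $# -ge 3 ]; then
  check_suricata_config "$1" "$2" "$3"
fi
```

The awk matchers deliberately stop at the next top-level key, so an `interface:` line in a different section (for example a later capture block) is not mistaken for the af-packet one; if the script reports FAIL for the interface, Suricata will start but capture nothing on the link you expect, which is the most common cause of "no alerts" in this lab.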