Snort · Network Security

IDS for CHARUSAT University

Network Security Engineer · Dec 2020 – Jan 2021

Overview

A Snort-based intrusion detection system deployed on CHARUSAT University's network. The system provides real-time threat detection with student IP allowlisting, automated IPS blocking for known malicious sources, and a live dashboard that replaced manual CMD log review by network staff.

The Challenge

CHARUSAT's network had no automated intrusion detection — the only visibility was through manual review of raw Snort logs via CMD, which was too slow to catch active threats and required dedicated staff time. Student IP management and IP-based restrictions had no enforcement mechanism.

The Solution

Deployed Snort with custom rules tuned for university network traffic patterns. Built student IP allowlisting logic to differentiate legitimate campus traffic from suspicious sources. Integrated Snort with an IPS mode to automatically block high-confidence malicious IPs. Developed a Python-based real-time logging dashboard that displays alerts, source IPs, and classification — eliminating the need for manual CMD review.
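The alert-processing step described above, sketched as an added example (not code from this project): it parses Snort alerts, applies a source allowlist, and picks block candidates. It assumes Snort's one-line "fast" alert format, IPv4 only, a placeholder student range of 10.20.0.0/16, and a hypothetical rule that only priority 1 alerts count as high confidence.

```python
import ipaddress
import re

# Assumption: alerts arrive in Snort's one-line "fast" format (IPv4 only here).
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sig>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[\w-]+)\}\s+(?P<src>\d+(?:\.\d+){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?::\d+)?\s*$"
)

# Constructed placeholder range standing in for the student address space.
STUDENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def triage(line, allowlist=STUDENT_NETS, block_priority=1):
    """Parse one alert line; return a dict with an 'action', or None if unparseable."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:          # e.g. an octet above 255 in a corrupted line
        return None
    prio = int(m["prio"])
    if any(src in net for net in allowlist):
        action = "allowlisted"  # shown on the dashboard, never auto-blocked
    elif prio <= block_priority:
        action = "block"        # hypothetical rule: priority 1 = high confidence
    else:
        action = "review"
    return {"ts": m["ts"], "sig": m["sig"], "msg": m["msg"], "cls": m["cls"],
            "priority": prio, "src": str(src), "dst": m["dst"], "action": action}

def block_candidates(lines):
    """Unique non-allowlisted sources that produced a block-level alert."""
    rows = filter(None, map(triage, lines))
    return sorted({r["src"] for r in rows if r["action"] == "block"})

# Constructed sample alerts (documentation address ranges).
SAMPLE = [
    "01/05-10:15:02.123456  [**] [1:1000001:1] Possible SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 10.20.4.15:22",
    "01/05-10:15:03.000101  [**] [1:1000002:1] ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 10.20.4.1",
    "01/05-10:15:04.550000  [**] [1:1000001:1] Possible SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.20.8.77:40022 -> 10.20.4.15:22",
    "truncated line with no alert fields",
]

if __name__ == "__main__":
    for row in filter(None, map(triage, SAMPLE)):
        print(row["action"], row["src"], row["msg"])
    print("block:", block_candidates(SAMPLE))
```

Allowlisted sources are still returned with their alert so they stay visible for review; only the automatic block decision skips them.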

Tech Stack

Snort: Core IDS/IPS engine with custom university-tuned rules
Python: Real-time alert processing and dashboard backend
Dashboard UI: Live alert visualization replacing manual CMD log review
IP Allowlisting: Student IP management and legitimate traffic classification
IPS Integration: Automated blocking of high-confidence threat sources

Outcomes

  • Real-time threat detection replacing manual log review for network staff
  • Student IP allowlisting enforced — reduces false-positive alert volume
  • IPS integration enables automated blocking without human intervention
  • Dashboard reduces mean time to identify active intrusion events