Create the necessary ruleset to use within Snort to fire an alert

Reference no: EM13313447

Over the last two weeks we focused in our readings on specific ways in which network and host-based IDS tools could be used to identify different threats, look for interesting events, or monitor types of behavior. Your third homework assignment asks that you apply both your technical knowledge and your practical knowledge of IDS in order to come up with a way to monitor for a specific type of behavior. This assignment is also intended in part to highlight the potential for effective use of NIDS tools for detecting internal threats, despite the fact that some of your reading has suggested NIDS is poorly suited for this type of task.

The Scenario: Assume that you are a security analyst working for a medium-sized company where many employees use computers connected to the Internet (as well as to the internal company LAN of course) as part of their daily job functions. Your company has implemented an acceptable-use policy for all employees that includes a general prohibition on using company computing resources to conduct inappropriate activities, such as downloading copyrighted music and videos, participating in online gambling, visiting "adult-oriented" web sites, and posting sensitive company information to blogs, message boards, or similar sites. Your company is considering deploying content-filtering software to help enforce this policy, but is not sure whether the cost and potentially over-broad restrictions imposed by the software would be justified. As a knowledgeable security analyst, you voice an educated opinion that you can use Snort, the company's chosen NIDS tool, to help monitor network activity and provide information that might support a decision about whether content filtering software is warranted.

The Assignment: Pick a web site that fits one or more of the prohibited categories above (or something similarly likely to fall on the wrong side of "acceptable use"), and create the necessary ruleset to use within Snort to fire an alert whenever an attempt is made to connect to, access, browse, or otherwise visit the site you have chosen. Stated simply, you want to be alerted if any internal network user tries to access the site you have chosen. Set up your ruleset and your Snort configuration to load the rule in Snort. Then, with Snort running and including your ruleset, open a browser and visit the prohibited site you have chosen. Verify that your rule fires when this happens. Your completed homework assignment should contain the following:

1. The "unacceptable" site you selected.
2. The ruleset created to detect attempts to visit the site.
3. The Snort output produced when the rule fired and the alert was generated (a screenshot of the terminal window showing Snort running with console output or a copy of the ASCII log file is sufficient).
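A sketch of the kind of ruleset the assignment describes, added here as an example and not part of the original assignment or its solution. It assumes Snort 2.x rule syntax, uses `example.com` as a placeholder for the chosen site, and uses constructed SIDs, file paths and interface name. It goes beyond a single HTTP rule by also covering the DNS lookup and the TLS handshake, since a rule that inspects only cleartext HTTP never fires for a site served over HTTPS.

```snort
# local.rules (added example; Snort 2.x rule syntax assumed).
# example.com is a placeholder for the site you chose; the SIDs are constructed
# values from the local range (>= 1000000).
# Assumes $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are set in snort.conf and
# that snort.conf loads this file:  include $RULE_PATH/local.rules

# 1. DNS lookup for the site. Fires even when the later page load is HTTPS.
#    DNS encodes names as length-prefixed labels: 7 "example" 3 "com" 0.
alert udp $HOME_NET any -> any 53 (msg:"POLICY-AUP DNS query for prohibited site example.com"; content:"|07|example|03|com|00|"; nocase; classtype:policy-violation; sid:1000001; rev:1;)

# 2. Cleartext HTTP request whose Host header names the site or a subdomain.
#    The content match is a fast pre-filter; the pcre pins it to the Host line.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"POLICY-AUP HTTP request to prohibited site example.com"; flow:to_server,established; content:"example.com"; http_header; nocase; pcre:"/^Host\x3a[^\r\n]*example\.com/Hmi"; classtype:policy-violation; sid:1000002; rev:1;)

# 3. TLS ClientHello carrying the site name in the SNI extension.
#    0x16 = handshake record, 0x03 = TLS major version,
#    0x01 at offset 5 = ClientHello handshake type.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"POLICY-AUP TLS ClientHello SNI for prohibited site example.com"; flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; offset:5; depth:1; content:"example.com"; nocase; classtype:policy-violation; sid:1000003; rev:1;)

# Validate the configuration, then run with alerts printed to the console
# (config path and interface name are assumptions for a typical Linux install):
#   snort -T -c /etc/snort/snort.conf
#   snort -A console -q -c /etc/snort/snort.conf -i eth0
```

Rules 1 and 3 match the name as a substring, so a longer domain that ends in the same string also triggers them; review the alerts before treating a hit as a policy violation. Clients that use encrypted DNS or an encrypted ClientHello do not expose the name to these rules.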







All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd