Create the necessary ruleset to use within Snort to fire

Reference no: EM131911318

In previous parts of the course we have looked at network packet capture and packet analysis, rule writing in Snort, and the functions of the IDS detection engine, all while consistently tracing back to the security requirements and objectives that we're trying to achieve in the first place.

Over the last two weeks our readings focused on specific ways in which network- and host-based IDS tools can be used to identify different threats, look for interesting events, or monitor types of behavior.

Your second lab assignment asks that you apply both your technical knowledge and your practical knowledge of IDS in order to come up with a way to monitor for a specific type of behavior. This assignment is also intended in part to highlight the potential for effective use of NIDS tools for detecting internal threats, despite the fact that some of your reading has suggested NIDS is poorly suited for this type of task.

The Scenario:

Assume that you are a security analyst working for a medium-sized company where many employees use computers connected to the Internet (as well as to the internal company LAN, of course) as part of their daily job functions.

Your company has implemented an acceptable-use policy for all employees that includes a general prohibition on using company computing resources to conduct inappropriate activities, such as downloading copyrighted music and videos, participating in online gambling, visiting "adult-oriented" web sites, and posting sensitive company information to blogs, message boards, or similar sites.

Your company is considering deploying content-filtering software to help enforce this policy, but is not sure whether the cost and potentially over-broad restrictions imposed by the software would be justified.

As a knowledgeable security analyst, you voice an educated opinion that you can use Snort, the company's chosen NIDS tool, to help monitor network activity and provide information that might support a decision about whether content filtering software is warranted.

The Assignment:

Pick a web site that fits one or more of the prohibited categories above (or something similarly likely to fall on the wrong side of "acceptable use"), and create the necessary ruleset to use within Snort to fire an alert whenever an attempt is made to connect to, access, browse, or otherwise visit the site you have chosen.

Stated simply, you want to be alerted if any internal network user tries to access the site you have chosen.

Set up your ruleset and configure Snort to load it. Then, with Snort running and including your ruleset, open a browser and visit the prohibited site you have chosen. Verify that your rule fires when this happens. Your completed lab assignment should contain the following:

1. The "unacceptable" site you selected.

2. The ruleset created to detect attempts to visit the site.

3. The Snort output produced when the rule fired and the alert was generated (a screenshot of the terminal window showing Snort running with console output or a copy of the ASCII log file is sufficient).
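The following is an added example of what such a ruleset can look like; it is not part of the assignment page and is not anyone's submitted answer. It assumes example.com stands in for whichever site you choose, that $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are the variables already defined in snort.conf, and that the rules are saved as local.rules and loaded with an `include $RULE_PATH/local.rules` line in snort.conf (the path and the `-i eth0` interface in the usage note are assumptions as well). Two rules are generated: an HTTP rule that looks for the site name in the normalized header buffer (so it matches the Host header rather than page bodies), and a DNS rule that looks for the wire-format query name, which is the only thing Snort can see of an HTTPS visit since the Host header is encrypted. The small matcher functions emulate just the content options these rules use, over constructed sample packets, so you can see why the DNS content must carry the length prefixes and the trailing |00|.

```python
"""Added example, not part of the assignment page: a local.rules
ruleset for the lab, plus a pure-Python check of what each content
match looks for on the wire.

Assumptions (not from the page): example.com stands in for whatever
site is chosen; $HOME_NET/$EXTERNAL_NET/$HTTP_PORTS are the variables
already set in snort.conf; the rules are saved as local.rules and
loaded with `include $RULE_PATH/local.rules`.
"""

SITE = "example.com"  # stand-in for the prohibited site the analyst picks


def dns_wire_name(name: str) -> bytes:
    """Encode a hostname the way it appears in a DNS query: each label
    is length-prefixed and the whole name ends with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def snort_hex_content(data: bytes) -> str:
    """Render bytes as a Snort content string: printable ASCII that is
    safe inside content:"..." stays literal, everything else goes into
    |..| hex escapes."""
    parts, hexrun = [], []

    def flush():
        if hexrun:
            parts.append("|" + " ".join(hexrun) + "|")
            hexrun.clear()

    for b in data:
        if 0x21 <= b <= 0x7E and chr(b) not in '|";:\\':
            flush()
            parts.append(chr(b))
        else:
            hexrun.append(f"{b:02X}")
    flush()
    return "".join(parts)


def build_rules(site: str) -> str:
    """The two rules for local.rules. The HTTP rule inspects the
    normalized header buffer (Host header, not the body); the DNS rule
    catches the lookup that precedes an HTTPS visit, where no Host
    header is visible to Snort. sid values in the local range (>=1000000)."""
    dns_content = snort_hex_content(dns_wire_name(site))
    return (
        f'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
        f'(msg:"AUP violation - HTTP request to {site}"; '
        f'flow:to_server,established; content:"{site}"; http_header; nocase; '
        f'classtype:policy-violation; sid:1000001; rev:1;)\n'
        f'alert udp $HOME_NET any -> any 53 '
        f'(msg:"AUP violation - DNS lookup for {site}"; '
        f'content:"{dns_content}"; nocase; '
        f'classtype:policy-violation; sid:1000002; rev:1;)\n'
    )


def matches_http(request: bytes, site: str) -> bool:
    """Emulate `content:"<site>"; http_header; nocase;` for one request:
    case-insensitive search limited to the header block."""
    headers, _, _body = request.partition(b"\r\n\r\n")
    return site.lower().encode() in headers.lower()


def matches_dns(udp_payload: bytes, site: str) -> bool:
    """Emulate the DNS rule: case-insensitive raw search for the
    wire-format name anywhere in the UDP payload."""
    return dns_wire_name(site).lower() in udp_payload.lower()


# Constructed sample traffic (not captures from the page).
HTTP_HIT = (b"GET /index.html HTTP/1.1\r\nHost: www.EXAMPLE.com\r\n"
            b"User-Agent: lab\r\n\r\n")
HTTP_MISS = (b"GET / HTTP/1.1\r\nHost: intranet.local\r\n\r\n"
             b"the body mentions example.com but http_header ignores it")


def dns_query(name: str) -> bytes:
    """Minimal DNS query payload: 12-byte header, one question, type A, class IN."""
    header = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    return header + dns_wire_name(name) + b"\x00\x01\x00\x01"


DNS_HIT = dns_query("www.example.com")        # subdomain still contains the labels
DNS_MISS = dns_query("example.com.evil.net")  # trailing |00| keeps this from matching


if __name__ == "__main__":
    print(build_rules(SITE))
    for label, hit in (("http hit", matches_http(HTTP_HIT, SITE)),
                       ("http miss", matches_http(HTTP_MISS, SITE)),
                       ("dns hit", matches_dns(DNS_HIT, SITE)),
                       ("dns miss", matches_dns(DNS_MISS, SITE))):
        print(f"{label}: {hit}")
```

Running the script prints the two rule lines to paste into local.rules; with the include line in place, `snort -c /etc/snort/snort.conf -i eth0 -A console` (paths and interface assumed) shows the alert on the terminal when the site is visited, which is the output the assignment asks you to capture. Two caveats worth stating in the write-up: the HTTP rule only sees plaintext HTTP, so for an HTTPS site it is the DNS rule that fires; and the DNS rule attributes the alert to whichever host sends the query past the sensor, so it identifies the user only if Snort sees the clients' own lookups rather than the internal resolver's recursive ones.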
