Describe how host-based intrusion detection works

Reference no: EM133730010

Part 1: IDS Placement. Please refer to the accompanying network diagram as you consider and respond to the following:

Question 1: Global Corporation, Inc. (GCI) is a fictional company providing business services to a variety of clients across many industries, including commercial and government entities. GCI recently finished construction of a new corporate headquarters, which includes the network infrastructure for primary company operations. You are a security analyst specializing in intrusion detection brought in by GCI to help determine the most appropriate kinds of IDS to use and most effective IDS placements to protect their network.

Question 2: GCI's network uses a conventional three-zone architecture: devices exposed to the Internet are part of an untrusted outer zone; Internet-accessible services such as the company website and email are in a demilitarized zone; and major systems and servers supporting both Internet-facing and internal applications, as well as internal computing resources such as the corporate LAN, are in a trusted zone. Each of these zones is segmented from the others using hardware-based firewalls; the corporate databases are further protected behind their own dedicated firewall. GCI allows employees remote access to the corporate LAN using either VPN or dial-up connections.

Question 3: Identify the locations throughout the GCI network where you would recommend IDS to be deployed. Each of the components in the accompanying GCI-HQ Network diagram is lettered to simplify your references to the diagram. For network connections between devices and layers, you may assume for the purposes of this exercise that all components in a given zone share the same network segment. For each placement you recommend, please note the type of IDS to be deployed and any specific considerations that should be taken into account to ensure the effective monitoring of the location.

Question 4. Describe how host-based intrusion detection works, briefly contrasting it with network-based intrusion detection. Explain three types of threats against which HIDS is particularly effective.

Question 5. If an attacker knew a network-based IDS was running in a targeted environment, how might the attacker try to evade detection? Provide at least two examples of IDS evasion techniques that might be used by an attacker, and suggest a remedy or defense against the techniques you cite.

Question 6. Compare and contrast signature-based and anomaly-based intrusion detection systems. In your analysis, describe at least three ways in which the two types of IDS are similar, and at least three ways in which they differ.

Question 7. There are 2 different approaches to writing signatures in network-based IDS. Explain the two primary approaches, and compare them in terms of their strengths and limitations.

Part 2: Short Answers. Please answer briefly and completely, and cite all sources of information. (8 questions at 8 points each)

Question 1. Describe the factors you need to consider when deciding whether or not an IDS needs to be deployed in a home network. Please give a detailed explanation of each factor.

Question 2. When you are placing an NIDS sensor in a network with a firewall, there are 2 choices: placing it before the firewall (i.e., on the Internet side) vs. after the firewall (i.e., on the local network side). Provide the pros and cons of each approach.

Question 3. Examine the following screenshot of a short packet capture in Wireshark. Describe the sequence of packets exchanged between the two systems participating in the conversation. What sort of traffic has been captured? What is happening in the sequence shown on the screen? Please provide as much detail as possible for each packet.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd