User Account

All Pages

What factors have been most important in continued viability

Assignment Help Computer Network Security
Reference no: EM131561780

Assignment: Intrusion Detection and Intrusion Prevention

Part 1: True or False Questions. (10 questions at 1 point each) Add reason

1. T F To have a Snort rule match on both inbound and outbound traffic, the rule should use the flow: to server, from client, established; option.

2. T F Host-based IDS can be used to monitor compliance with corporate policies such as acceptable use of computer resources.

3. T F An on-demand operational IDS model is not suitable if legally admissible data collection is required.

4. T F Current criminal and civil procedure laws and rules of evidence do not provide clear guidance on digital and electronic forms of evidence such as IDS logs.

5. T F Snort unified output plug-ins can be used to off-load computing tasks from the core Snort program to improve overall performance.

6. T F Thresholds used in Snort alert rules can cause false negatives if the attacker works slowly enough.

7. T F Network-based IDS provides no protection against internal threats.

8. T F When a "pass" rule is matched in Snort, no other rules are evaluated.

9. T F To ensure proper execution of Snort rules using the "uricontent" option the HTTP Inspect preprocessor must be installed and configured in Snort.

10. T F There are no monitoring situations that justify real-time intrusion response.

Part 2: Short Answer Questions.

1. False positive and False negative

1. Define and differentiate false positive and false negative.
2. Which is worse, and why?
3. Give one example of each, drawn from any context that demonstrates your understanding of the terms.

2. Snort rule

1. Describe the components of the following Snort rule.

alert ip any any -> any any (msg:"BAD-TRAFFIC same SRC/DST"; sameip; reference:bugtraq,2666; reference:cve,1999-0016; reference:url,www.cert.org/advisories/CA-1997-28.html; classtype:bad-unknown; sid:527; rev:8;)

a. What sort of attack is it intended to detect?
b. What network traffic pattern information is it looking for?

3. User-centric and target-centric monitoring:

1. What are the key differences between user-centric and target-centric monitoring in behavioral data forensics?
2. Is one perspective preferred over the other?
3. If so, what are some of the advantages of the preferred choice, or disadvantages of the non-preferred choice?

4. Write a rule using Snort syntax to detect an internal user executing a Windows "tracert" command to identify the network path to an external destination. What changes, if any, would you need to make to this rule to make it also work for a Unix/Linux "traceroute"?

5. As Trost noted, most network IDS tools are designed to optimize performance analyzing traffic using a variety of protocols specific to TCP/IP wired networks.

1. Describe at least two intrusion detection scenarios where specialized types of monitoring and analysis are called for
2. what limitations exist in conventional NIDS that make them insufficient to provide effective intrusion detection in the environments corresponding to these scenarios.

6. Multi-event signature

1. What is a multi-event signature?
2. Provide at least two examples of multi-event signature activities or patterns that might be monitored with an intrusion detection system.

7. Anomaly-based intrusion detection

1. What are the operational requirements necessary to perform anomaly-based intrusion detection?

2. How does the information gathered about network traffic by anomaly-based IDS tools differ from the information gathered by signature-based NIDS?

8. Many people perceive intrusion detection to be a constant, all-the-time security function.

1. Identify and describe at least two "part-time" intrusion detection operational models,
2. and for each give an example of a usage scenario that would call for part-time monitoring.

9. Are organizations legally obligated to use intrusion detection capabilities? Why or why not?

10. Imagine you are tasked with monitoring network communication in an organization that uses encrypted transmission channels.

1. What are the limitations of using intrusion detection systems in this environment?
2. What methods would you employ to accomplish this task?

Part 3: Essay Questions. Maximum length: 2 pages each, excluding references. (Two questions at 15 points each)

1. In 2003, a well-publicized report from IT analyst firm Gartner predicted that the market for stand-alone IDS tools would soon disappear, and urged Gartner clients to cease investing in IDS tools in favor of firewalls. Last week, U.S. cyber security czar Howard Schmidt publicly called for enterprise network intrusion detection, and asked, "Why haven't we done this already?" (https://fcw.com/articles/2010/04/14/irmco-cyber-security-issues-initiatives-howard-schmidt.aspx?s=fcwdaily_150410) Clearly, the obsolescence of IDS tools by 2005 did not occur as Gartner predicted.

Article: Cyber chief slams security efforts By Amber Corrin.

1. What factors have been most important in the continued viability of the IDS market?

2. Based on what you have learned about IDS and IPS tools, do you think these tools will continue to be used as a key security component? Why or why not?

2. In early 2008, the U.S. Department of Homeland Security stated publicly that it wanted more intrusion detection capabilities, in particular citing a need to move to mandatory real-time intrusion detection for federal government networks, as an expansion of current passive, voluntary monitoring. The current manifestation of this goal is the Einstein program, which while officially in a pilot phase is likely to be expanded significantly soring in 2011.

Article: DHS releases new details on Einstein 3 intrusion prevention pilot By Ben Bain.

1. Using what we have learned in this course and your own knowledge of IDS operational models, requirements, and other characteristics associated with selecting and using the most appropriate types of intrusion detection and prevention, what is your response to the proposal to implement comprehensive intrusion detection and prevention for all network traffic to or from U.S. government agencies?

2. What are some of the key obstacles faced in rolling out an intrusion detection capability of this sort?

3. Identify and describe at least three challenges that DHS should consider when planning the Einstein deployment.

Reference no: EM131561780

Questions Cloud

Calculate the total cost of production in the month of march : Apollo Manufacturing produces a basic cellphone as a contract manufacturer. Calculate the total cost of production in the month of March
What is wrong with the house bill statement : In 1897, the Indiana House of Representatives passed unanimously a bill that included "the important fact that the ratio of the diameter.
What is the total fee percentage paid in the final year : What is the total fee percentage paid in the final year? What your ending balance? In what years, do you pay the performance fee?
What is the average amount of the collection float : These checks clear your bank in 2 days. What is the average amount of the collection float?
What factors have been most important in continued viability : What factors have been most important in the continued viability of the IDS market? What methods would you employ to accomplish this task?
Determine the indicated angles : Refer to Fig., where is a diameter, is a tangent line at B, and ?ABC = 65°.
Prepare an income statement for the month of may : Prepare a table to summarize the preceding transactions as they affect the accounting equation. Use the format in Exhibit 3-1
Post the transactions to individual t-accounts : Post the transactions to individual T-accounts and prepare an adjusted trial balance for Rocky Mountain Company as of December 31, 2016.
What is the amount of cash and cash equivalents : What is the amount of Cash and Cash Equivalents at the end of 2016? Be sure to indicate dollars "in thousands," "in millions" or other

Reviews

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd