What is a multi-event signature

Assignment Help Computer Network Security
Reference no: EM132190643

Part 1: Essay Question

In 2003, a well-publicized report from IT analyst firm Gartner predicted that the market for stand-alone IDS tools would soon disappear, and urged Gartner clients to cease investing in IDS tools in favor of firewalls. Clearly, the obsolescence of IDS tools by 2005 did not occur as Gartner predicted, due in part to significant increases in the technological capability, processing speed, and accuracy of IDS tools in the nearly 10 years since the erroneous prediction.

Contemporary enterprises have a wide array of network and platform security tools from which to choose, and as we have seen in this course there is substantial overlap in the capabilities of different categories of tools such as firewalls, IDS, anti-malware, vulnerability scanners, and so forth. What factors would exert the most influence on an organization and lead it to choose to implement IDS? In your response please identify potential benefits of IDS, potential drawbacks, and any considerations about an organization's operating environment that might drive its decision.

Part 2: Short Answer Questions

1. What are the operational requirements necessary to perform anomaly-based intrusion detection? How does the information gathered about network traffic by anomaly-based IDS tools differ from the information gathered by signature-based NIDS?

2. IDS is a good way to capture forensic evidence of system activity, including intrusions; however, there are inherent problems with using IDS logs as legal evidence because the data can be manipulated, which undermines the credibility of the evidence. Describe the requirements on log data to be admissible as legal evidence.

3. Imagine you are tasked with monitoring network communication in an organization that uses encrypted transmission channels. What are the limitations of using intrusion detection systems in this environment? What methods would you employ to accomplish this task?

4. Describe how a Distributed Denial-of-Service (DDoS) attack such as the smurf attack may be detected and alerted on using Snort.

5. Explain the following Snort rule. What sort of attack is it intended to detect? What network traffic pattern information is it looking for?

6. Write a Snort rule with the following functions:
a. Looks for the case-insensitive string in all traffic matched by the rule header.
b. Skips the first 12 bytes of each packet before starting the search, for efficiency.

7. Most network IDS tools are designed to optimize performance analyzing traffic using a variety of protocols specific to TCP/IP wired networks. Describe at least two intrusion detection scenarios where specialized types of monitoring and analysis are called for, explaining what limitations exist in conventional NIDS that make them insufficient to provide effective intrusion detection in the environments corresponding to these scenarios.

8. What is a multi-event signature? Provide at least two examples of multi-event signature activities or patterns that might be monitored with an intrusion detection system.

9. A Snort rule's metadata option can carry zero or more policy values. Describe the currently available policy values and explain each.

10. Describe what the "fast_pattern" modifier means in Snort rules. Also, explain the differences between "fast_pattern" and "fast_pattern:only" modifiers with examples.

11. Describe the meaning of the following content options used in a Snort rule, with matching and non-matching examples:

content:"GET"; depth:3; content:"downloads"; distance:10; within:9;
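The rule body in question 11 and the modifiers asked for in question 6 (nocase and offset) can be checked mechanically. The following Python evaluator is an added example, not part of the assignment and not Snort's own code. It implements the modifier semantics as the Snort manual describes them: offset is counted from the start of the payload, distance from the end of the previous content match, and depth and within are window lengths that must contain the whole pattern. It ignores |hex| escapes, negated content, sticky buffers and fast_pattern. The question 6 string is not given in the assignment, so "cmd.exe" is a placeholder, and every payload below is constructed.

```python
"""Evaluate Snort content modifiers (offset, depth, distance, within, nocase)
against a raw payload. Added example; simplified relative to Snort itself:
no |hex| escapes, no negated (!) content, no sticky buffers, no fast_pattern."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Content:
    pattern: bytes
    offset: int = 0                 # absolute: skip this many payload bytes first
    depth: Optional[int] = None     # absolute: search window length from offset
    distance: Optional[int] = None  # relative: skip this many bytes after the previous match
    within: Optional[int] = None    # relative: search window length after that skip
    nocase: bool = False            # case-insensitive comparison


# One rule option: keyword, optionally ":" plus a quoted string or a bare value, then ";"
_OPTION = re.compile(r'\s*(\w+)\s*(?::\s*(?:"([^"]*)"|([^;]*)))?\s*;')


def parse_options(body: str) -> List[Content]:
    """Collect the content keywords of a rule body; a modifier applies to the
    most recent content, whatever order the modifiers appear in."""
    contents: List[Content] = []
    for m in _OPTION.finditer(body):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        if key == "content":
            contents.append(Content(pattern=quoted.encode()))
            continue
        if key in ("offset", "depth", "distance", "within", "nocase"):
            if not contents:
                raise ValueError(f"{key} must follow a content keyword")
            if key == "nocase":
                contents[-1].nocase = True
            else:
                setattr(contents[-1], key, int(bare))
        # msg, sid, classtype and other non-content options are ignored here
    return contents


def match(contents: List[Content], payload: bytes) -> bool:
    """True if every content matches, each inside the window its modifiers define.
    A window (depth or within) must hold the whole pattern, as Snort requires.
    A relative modifier on the first content falls back to an absolute search."""
    prev_end: Optional[int] = None
    for c in contents:
        relative = prev_end is not None and (c.distance is not None or c.within is not None)
        if relative:
            start = prev_end + (c.distance or 0)
            window = c.within
        else:
            start = c.offset
            window = c.depth
        end = len(payload) if window is None else start + window
        hay, pat = payload[start:end], c.pattern
        if c.nocase:
            hay, pat = hay.lower(), pat.lower()
        idx = hay.find(pat)
        if idx < 0:
            return False
        prev_end = start + idx + len(pat)  # later relative modifiers count from here
    return True


def check(rule_body: str, payload: bytes) -> bool:
    return match(parse_options(rule_body), payload)


# Question 11's options, verbatim from the assignment.
RULE_Q11 = 'content:"GET"; depth:3; content:"downloads"; distance:10; within:9;'
# Question 6: the assignment does not name the string, so "cmd.exe" is a placeholder.
RULE_Q6 = 'content:"cmd.exe"; nocase; offset:12;'

if __name__ == "__main__":
    # Constructed payloads: "GET" must sit in bytes 0-2, and "downloads" must then
    # start exactly 10 bytes after it (a 9-byte pattern in a 9-byte window).
    for payload in (b"GET /abc/def/downloads HTTP/1.1",    # matches
                    b"GET /abc/de/downloads HTTP/1.1",     # one byte too early
                    b" GET /abc/def/downloads HTTP/1.1"):  # "GET" not within depth:3
        print(RULE_Q11, payload, check(RULE_Q11, payload))
    for payload in (b"GET /scripts/CMD.EXE HTTP/1.0",      # nocase, found after byte 12
                    b"GET /foo/cmd.exe HTTP/1.0"):         # starts before offset:12
        print(RULE_Q6, payload, check(RULE_Q6, payload))
```

Running the block shows why within:9 leaves no slack for the nine-byte pattern "downloads": moving it a single byte in either direction, or pushing "GET" out of the first three bytes, breaks the match. For question 6, offset:12 means a pattern that begins before byte 12 is not found even though it is present in the payload, which is the efficiency trade-off the question asks about.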

12. Define and differentiate false positive and false negative. Which is worse, and why? Give one example of each, drawn from any context that demonstrates your understanding of the terms.


Course: INFA 630 - Intrusion Detection and Intrusion Prevention

Reviews

len2190643

12/10/2018 11:57:22 PM

I want an expert on Information and system security with good English, plagiarism free and with report. Please follow instruction as specified in the question. The test is worth 25% of your grade for the course. It is scored on the basis of 100 points for the test.

len2190643

12/10/2018 11:56:14 PM

When composing your answers to the essay questions, be thorough. Do not simply examine one alternative if two or more alternatives exist. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers, and describe how your answer would change if the assumptions were different. While composing your answers to the essay questions, be very careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references. In preparing your exam for submission, please follow these instructions precisely: 1. Use this document as a template, i.e., fill in your answers in the indicated locations. 2. Modify the header to show your name. 3. Submit your completed exam as a Microsoft Word or RTF document via your LEO

len2190643

12/10/2018 11:56:07 PM

You are to take this test during the week of 10. Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues, or your answers. You may use your notes, textbooks, other published materials, the LEO site for this class, and Internet sources, keeping in mind your responsibility to give proper attribution to sources of material you use in your responses. The test is worth 25% of your grade for the course. It is scored on the basis of 100 points for the test. For the short answer section, bear in mind that a clear concise response that directly answers the question asked is always preferable to providing large volumes of potentially relevant information in the hope that the “right” answer will somehow be included.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd