2. If we only went to a few web sites, why are there so many alerts?
3. What are the advantages of logging more information to the alerts file?
4. What are the disadvantages of logging more information to the alerts file?
5. What are the advantages of using rule sets from the snort web site?
6. Describe (in plain English) at least one type of ruleset you would want to add to a high level security network and why?
7. If a person with malicious intent were to get into your network and have read/write access to your IDS log or rule set how could they use that information to their advantage?
8. An intrusion prevention system can either wait until it has all of the information it needs, or can allow packets through based on statistics (guessed or previously known facts). What are the advantages and disadvantages of each approach?
9. So, the “bad guy” decides to do a Denial of Service on your Intrusion Prevention System. At least two things can happen, the system can allow all traffic through (without being checked) or can deny all traffic until the system comes back up. What are the factors that you must consider in making this design decision?
10. What did you find particularly useful about this lab (please be specific)? What if anything was difficult to follow? What would you change to make it better?
Recently Asked Questions
- what should a consumer of research know about (p values) pertaining to quantitative research finding
- By now, you have probably read Chapter 1 and discovered that the formal definition of psychology tells us that psychology is the scientific study of human
- Examine three (3) cable maintenance tools that you would consider essential for a network team. Of the three (3) tools that you have examined, determine the