2. If we only went to a few web sites, why are there so many alerts?
3. What are the advantages of logging more information to the alerts file?
4. What are the disadvantages of logging more information to the alerts file?
5. What are the advantages of using rule sets from the snort web site?
6. Describe (in plain English) at least one type of ruleset you would want to add to a high level security network and why?
7. If a person with malicious intent were to get into your network and have read/write access to your IDS log or rule set how could they use that information to their advantage?
8. An intrusion prevention system can either wait until it has all of the information it needs, or can allow packets through based on statistics (guessed or previously known facts). What are the advantages and disadvantages of each approach?
9. So, the “bad guy” decides to do a Denial of Service on your Intrusion Prevention System. At least two things can happen, the system can allow all traffic through (without being checked) or can deny all traffic until the system comes back up. What are the factors that you must consider in making this design decision?
10. What did you find particularly useful about this lab (please be specific)? What if anything was difficult to follow? What would you change to make it better?
This question was asked on Jul 04, 2011.
Recently Asked Questions
- Companies are leveraging the comfort that younger customers have with social networking sites to further business opportunities. Many sites have you complete
- What is the measure of angle R in the following triangle?
- When carrying out an experiment, the following lab data was obtained. I need a clear lab report.