2. If we only went to a few web sites, why are there so many alerts?
3. What are the advantages of logging more information to the alerts file?
4. What are the disadvantages of logging more information to the alerts file?
5. What are the advantages of using rule sets from the snort web site?
6. Describe (in plain English) at least one type of ruleset you would want to add to a high level security network and why?
7. If a person with malicious intent were to get into your network and have read/write access to your IDS log or rule set how could they use that information to their advantage?
8. An intrusion prevention system can either wait until it has all of the information it needs, or can allow packets through based on statistics (guessed or previously known facts). What are the advantages and disadvantages of each approach?
9. So, the “bad guy” decides to do a Denial of Service on your Intrusion Prevention System. At least two things can happen, the system can allow all traffic through (without being checked) or can deny all traffic until the system comes back up. What are the factors that you must consider in making this design decision?
10. What did you find particularly useful about this lab (please be specific)? What if anything was difficult to follow? What would you change to make it better?
Recently Asked Questions
- Journalize the transactions and the closing entries for net income and dividends. (Credit account titles are automatically indented when amount is entered. Do
- The employment-at-will doctrine allows employees to quit at any time for any reason and employers to fire employees at any time for any legal reason. How does
- Complete Problems 4.9, 4.15, 4.19, 4.23, 4.45, and 4.48