Create necessary ruleset to use within snort to fire alert

Assignment Help Case Study
Reference no: EM13313447

Over the last two weeks our readings focused on specific ways in which network- and host-based IDS tools can be used to identify different threats, look for interesting events, or monitor types of behavior. Your third homework assignment asks that you apply both your technical knowledge and your practical knowledge of IDS in order to come up with a way to monitor for a specific type of behavior. This assignment is also intended in part to highlight the potential for effective use of NIDS tools for detecting internal threats, despite the fact that some of your reading has suggested NIDS is poorly suited for this type of task.

The Scenario: Assume that you are a security analyst working for a medium-sized company where many employees use computers connected to the Internet (as well as to the internal company LAN of course) as part of their daily job functions. Your company has implemented an acceptable-use policy for all employees that includes a general prohibition on using company computing resources to conduct inappropriate activities, such as downloading copyrighted music and videos, participating in online gambling, visiting "adult-oriented" web sites, and posting sensitive company information to blogs, message boards, or similar sites. Your company is considering deploying content-filtering software to help enforce this policy, but is not sure whether the cost and potentially over-broad restrictions imposed by the software would be justified. As a knowledgeable security analyst, you voice an educated opinion that you can use Snort, the company's chosen NIDS tool, to help monitor network activity and provide information that might support a decision about whether content filtering software is warranted.

The Assignment: Pick a web site that fits one or more of the prohibited categories above (or something similarly likely to fall on the wrong side of "acceptable use"), and create the necessary ruleset to use within Snort to fire an alert whenever an attempt is made to connect to, access, browse, or otherwise visit the site you have chosen. Stated simply, you want to be alerted if any internal network user tries to access the site you have chosen. Set up your ruleset and your Snort configuration to load the rule in Snort. Then, with Snort running and including your ruleset, open a browser and visit the prohibited site you have chosen. Verify that your rule fires when this happens. Your completed homework assignment should contain the following:

1. The "unacceptable" site you selected.
2. The ruleset created to detect attempts to visit the site.
3. The Snort output produced when the rule fired and the alert was generated (a screenshot of the terminal window showing Snort running with console output or a copy of the ASCII log file is sufficient).
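The procedure above (write a ruleset, load it in Snort, visit the site, confirm the alert) can be worked through in code. The following is an added example, not part of the assignment or of any Snort distribution. It generates three Snort 2.9-syntax rules for one prohibited site, covering the plain-HTTP Host header, the DNS lookup of the name and the TLS ClientHello SNI (so the attempt is seen for https sites too), writes them to a local.rules file, and parses Snort's fast-format alert output to confirm which rule fired and from which internal host. It assumes the standard $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS variables from snort.conf; example.com and the alert lines below are constructed placeholders for the site and output you would actually record.

```python
"""Build Snort local rules for one prohibited site and check the alert log.
Added example; assumes Snort 2.9 rule syntax and snort.conf variables."""
import re
from collections import defaultdict

PROHIBITED_SITE = "example.com"  # placeholder for the site chosen in the write-up


def dns_name_content(domain: str) -> str:
    """Wire-format QNAME as a Snort content string: each label prefixed by its
    length byte, terminated by a zero byte. 'example.com' -> '|07|example|03|com|00|'."""
    labels = domain.strip(".").split(".")
    return "".join(f"|{len(label):02X}|{label}" for label in labels) + "|00|"


def build_rules(domain: str, base_sid: int = 1000001) -> list:
    """Three rules: HTTP Host header, DNS query for the name, TLS ClientHello SNI."""
    http = (
        "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ("
        f'msg:"POLICY prohibited site {domain} HTTP request"; '
        "flow:to_server,established; "
        'content:"Host|3A| "; http_header; '                 # Host header name
        f'content:"{domain}"; nocase; http_header; distance:0; '  # its value
        f"classtype:policy-violation; sid:{base_sid}; rev:1;)"
    )
    dns = (
        "alert udp $HOME_NET any -> any 53 ("
        f'msg:"POLICY prohibited site {domain} DNS query"; '
        f'content:"{dns_name_content(domain)}"; nocase; '
        f"classtype:policy-violation; sid:{base_sid + 1}; rev:1;)"
    )
    tls = (
        "alert tcp $HOME_NET any -> $EXTERNAL_NET 443 ("
        f'msg:"POLICY prohibited site {domain} TLS SNI"; '
        "flow:to_server,established; "
        'content:"|16 03|"; depth:2; '              # TLS handshake record header
        'content:"|01|"; distance:3; within:1; '    # handshake type: ClientHello
        f'content:"{domain}"; nocase; distance:0; '  # server_name extension
        f"classtype:policy-violation; sid:{base_sid + 2}; rev:1;)"
    )
    return [http, dns, tls]


def write_local_rules(path: str, domain: str = PROHIBITED_SITE) -> list:
    """Write the rules to a file that snort.conf pulls in via include $RULE_PATH/local.rules."""
    rules = build_rules(domain)
    with open(path, "w") as fh:
        fh.write("# local.rules: acceptable-use monitoring for one prohibited site\n")
        fh.write("\n".join(rules) + "\n")
    return rules


# One line of Snort's -A fast output (also the 'alert' file under -l <logdir>).
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def parse_fast_alert(line: str):
    """Return the sid, message, protocol and endpoints of one alert line, or None."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    src_ip, _, src_port = m.group("src").rpartition(":")
    dst_ip, _, dst_port = m.group("dst").rpartition(":")
    return {
        "sid": int(m.group("sid")), "msg": m.group("msg"), "proto": m.group("proto"),
        "src_ip": src_ip or m.group("src"), "src_port": src_port,   # no port for ICMP
        "dst_ip": dst_ip or m.group("dst"), "dst_port": dst_port,
    }


def summarize_alerts(lines, expected_sids) -> dict:
    """Map each of our sids to the sorted internal source IPs that triggered it:
    the evidence the write-up needs that the rule fired."""
    hits = defaultdict(set)
    for line in lines:
        alert = parse_fast_alert(line)
        if alert and alert["sid"] in expected_sids:
            hits[alert["sid"]].add(alert["src_ip"])
    return {sid: sorted(ips) for sid, ips in hits.items()}


# Constructed alert lines in fast format (192.0.2.10 is a documentation address).
SAMPLE_ALERTS = """\
01/16-14:02:33.101234  [**] [1:1000002:1] POLICY prohibited site example.com DNS query [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.0.0.25:49732 -> 10.0.0.1:53
01/16-14:02:33.412880  [**] [1:1000001:1] POLICY prohibited site example.com HTTP request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.0.25:51620 -> 192.0.2.10:80
01/16-14:05:10.009911  [**] [1:1000003:1] POLICY prohibited site example.com TLS SNI [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.0.31:51990 -> 192.0.2.10:443
01/16-14:06:00.000000  [**] [1:999:1] unrelated constructed alert [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.0.2.10:80 -> 10.0.0.25:51620
""".splitlines()

if __name__ == "__main__":
    for rule in build_rules(PROHIBITED_SITE):
        print(rule)
    print(summarize_alerts(SAMPLE_ALERTS, {1000001, 1000002, 1000003}))
```

To load the rules, write them to the rules directory referenced by $RULE_PATH in snort.conf and make sure the line `include $RULE_PATH/local.rules` is present and uncommented, then run Snort on the interface facing the internal LAN, for example `snort -A console -q -c /etc/snort/snort.conf -i eth0` for console output or `-A fast -l /var/log/snort` to get the `alert` file the parser above reads. Matching the Host header rather than the bare domain anywhere in the headers keeps Referer headers from other sites from firing the rule, and the DNS and SNI rules catch the attempt even when the site is only reachable over HTTPS, where the Host header is encrypted.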


Attachment: ASSIGNMENT.rar



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd