What is a multi-event signature

Assignment Help Computer Network Security
Reference no: EM132190643

Part 1: Essay Question

In 2003, a well-publicized report from IT analyst firm Gartner predicted that the market for stand-alone IDS tools would soon disappear, and urged Gartner clients to cease investing in IDS tools in favor of firewalls. Clearly, the obsolescence of IDS tools by 2005 did not occur as Gartner predicted, due in part to significant increases in the technological capability, processing speed, and accuracy of IDS tools in the nearly 10 years since the erroneous prediction.

Contemporary enterprises have a wide array of network and platform security tools from which to choose, and as we have seen in this course, there is substantial overlap in the capabilities of different categories of tools such as firewalls, IDS, anti-malware, vulnerability scanners, and so forth. What factors would exert the most influence on an organization and lead it to choose to implement IDS? In your response, please identify potential benefits of IDS, potential drawbacks, and any considerations about an organization's operating environment that might drive its decision.

Part 2: Short Answer Questions

1. What are the operational requirements necessary to perform anomaly-based intrusion detection? How does the information gathered about network traffic by anomaly-based IDS tools differ from the information gathered by signature-based NIDS?

2. IDS is a great way to capture forensic evidence of system activity (including intrusions); however, there are inherent problems with using IDS logs as legal evidence because of the possibility of data manipulation and therefore the credibility of the evidence. Describe the requirements on log data to be admissible as legal evidence.

3. Imagine you are tasked with monitoring network communication in an organization that uses encrypted transmission channels. What are the limitations of using intrusion detection systems in this environment? What methods would you employ to accomplish this task?

4. Describe how Distributed Denial-of-Service (DDoS) attacks such as the smurf attack may be detected and alerted on using Snort.

5. Explain the following Snort rule. What sort of attack is it intended to detect? What network traffic pattern information is it looking for?

6. Write a Snort rule with the following functions:
a. Looks for the case-insensitive string in all traffic matched by the rule header.
b. Skips the first 12 bytes of each packet before starting the search, for efficiency.

7. Most network IDS tools are designed to optimize performance analyzing traffic using a variety of protocols specific to TCP/IP wired networks. Describe at least two intrusion detection scenarios where specialized types of monitoring and analysis are called for, explaining what limitations exist in conventional NIDS that make them insufficient to provide effective intrusion detection in the environments corresponding to these scenarios.

8. What is a multi-event signature? Provide at least two examples of multi-event signature activities or patterns that might be monitored with an intrusion detection system.
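As an added illustration for question 8 (this is not a Snort signature and not course material), the following Python correlator implements two multi-event signatures over constructed log lines: a port sweep (one source touching several distinct ports in a short window) and a run of authentication failures followed by a success. Each event on its own is unremarkable; the alert exists only because the detector keeps state across events. The log format, hosts, thresholds and windows are assumptions chosen for the example.

```python
"""Two multi-event signatures run over constructed log lines.

Added example for question 8; not Snort's code and not course-provided.
Log format, hosts, thresholds and windows are all assumptions for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple

# Constructed log lines (not from any real system):
# "<ts> src=<ip> kind=<conn|auth_fail|auth_ok> dport=<n>"
SAMPLE_LOG = [
    "100 src=10.0.0.5 kind=conn dport=21",
    "101 src=10.0.0.5 kind=conn dport=22",
    "102 src=10.0.0.9 kind=conn dport=443",
    "103 src=10.0.0.5 kind=conn dport=23",
    "104 src=10.0.0.5 kind=conn dport=25",
    "106 src=10.0.0.5 kind=conn dport=80",
    "107 src=10.0.0.9 kind=conn dport=80",
    "200 src=10.0.0.7 kind=auth_fail dport=22",
    "205 src=10.0.0.7 kind=auth_fail dport=22",
    "210 src=10.0.0.7 kind=auth_fail dport=22",
    "215 src=10.0.0.7 kind=auth_ok dport=22",
    "300 src=10.0.0.8 kind=auth_fail dport=22",
    "301 src=10.0.0.8 kind=auth_ok dport=22",
]


@dataclass(frozen=True)
class Event:
    ts: float
    src: str
    kind: str
    dport: int


def parse_line(line: str) -> Event:
    """Parse one constructed log line into an Event."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Event(float(ts), kv["src"], kv["kind"], int(kv["dport"]))


def detect_port_sweep(events: List[Event], window: float = 10.0,
                      threshold: int = 5) -> List[Tuple[str, float, List[int]]]:
    """Signature 1: a source touching >= threshold distinct destination ports
    within `window` seconds. Any single connection is normal; only the set of
    them inside a short interval is suspicious."""
    recent: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)
    alerts, alerted = [], set()
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind != "conn":
            continue
        q = recent[e.src]
        q.append((e.ts, e.dport))
        while q and e.ts - q[0][0] > window:  # drop connections older than the window
            q.popleft()
        ports = sorted({p for _, p in q})
        if len(ports) >= threshold and e.src not in alerted:
            alerts.append((e.src, e.ts, ports))
            alerted.add(e.src)  # one alert per source per sweep, not one per packet
    return alerts


def detect_failures_then_success(events: List[Event], window: float = 60.0,
                                 min_failures: int = 3) -> List[Tuple[str, float, int]]:
    """Signature 2: >= min_failures authentication failures from a source followed
    by a success, all inside `window` seconds. The success alone is a normal login."""
    fails: Dict[str, Deque[float]] = defaultdict(deque)
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        q = fails[e.src]
        while q and e.ts - q[0] > window:  # forget failures outside the window
            q.popleft()
        if e.kind == "auth_fail":
            q.append(e.ts)
        elif e.kind == "auth_ok" and len(q) >= min_failures:
            alerts.append((e.src, e.ts, len(q)))
            q.clear()
    return alerts


def run_signatures(lines: List[str] = SAMPLE_LOG):
    """Parse the log and run both signatures; returns (sweep_alerts, auth_alerts)."""
    events = [parse_line(l) for l in lines]
    return detect_port_sweep(events), detect_failures_then_success(events)


if __name__ == "__main__":
    sweeps, brute = run_signatures()
    for src, ts, ports in sweeps:
        print(f"port sweep from {src} at t={ts}: ports {ports}")
    for src, ts, n in brute:
        print(f"{n} failures then success from {src} at t={ts}")
```

Running it on the sample log raises one alert per signature: host 10.0.0.5 for touching five ports within six seconds, and host 10.0.0.7 for three failures followed by a success. Hosts 10.0.0.9 and 10.0.0.8 generate events of the same kinds but never complete a pattern, which is the point of a multi-event signature: the per-event evidence is identical, and only the sequence distinguishes them.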

9. A Snort rule has a metadata field with zero or more policy values. Describe the currently available policy values along with explanations.

10. Describe what the "fast_pattern" modifier means in Snort rules. Also, explain the differences between "fast_pattern" and "fast_pattern:only" modifiers with examples.

11. Describe the meaning of the following content options used in a Snort rule, with matching and non-matching examples:

content:"GET"; depth:3; content:"downloads"; distance:10; within:9;
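The following Python model, added here for questions 6 and 11 and not taken from Snort or from the course, applies the documented semantics of the content modifiers (offset, depth, distance, within, nocase) to a single payload so that matching and non-matching cases of the rule above can be traced byte by byte. It is a simplified model of the default payload buffer only (no HTTP sticky buffers or fast-pattern selection). The string for question 6 is not given on the page, so the pattern "SAMPLE" is a constructed placeholder.

```python
"""Toy model of Snort's content modifiers: offset, depth, distance, within, nocase.

Added example for questions 6 and 11; not Snort's code and not course material.
The question 6 pattern is not on the page, so "SAMPLE" is a constructed placeholder.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Content:
    pattern: bytes
    offset: int = 0                 # absolute: start searching this many bytes into the payload
    depth: Optional[int] = None     # absolute: pattern must fit within `depth` bytes of the search start
    distance: Optional[int] = None  # relative: skip this many bytes after the previous match
    within: Optional[int] = None    # relative: pattern must fit within `within` bytes of the relative start
    nocase: bool = False            # case-insensitive comparison

    @property
    def relative(self) -> bool:
        return self.distance is not None or self.within is not None


def match_contents(payload: bytes, contents: List[Content]) -> bool:
    """Apply the contents in order, chaining them through the end-of-last-match cursor."""
    cursor = 0  # Snort's "detect offset end": where the previous pattern finished
    for c in contents:
        if c.relative:
            start = cursor + (c.distance or 0)
            end = start + c.within if c.within is not None else len(payload)
        else:
            start = c.offset
            end = start + c.depth if c.depth is not None else len(payload)
        if start > len(payload):
            return False
        haystack, needle = payload[start:end], c.pattern
        if c.nocase:
            haystack, needle = haystack.lower(), needle.lower()
        idx = haystack.find(needle)
        if idx < 0:
            return False            # any content failing makes the whole rule fail
        cursor = start + idx + len(needle)
    return True


# Question 11: content:"GET"; depth:3; content:"downloads"; distance:10; within:9;
Q11_RULE = [
    Content(b"GET", depth=3),                      # "GET" must be in the first 3 bytes
    Content(b"downloads", distance=10, within=9),  # skip 10 bytes, then "downloads" must fit in the next 9
]

# Question 6: case-insensitive string, skipping the first 12 bytes (pattern is a constructed placeholder)
Q6_RULE = [Content(b"SAMPLE", offset=12, nocase=True)]


if __name__ == "__main__":
    for payload in (b"GET /x/y/abc/downloads/a.exe",  # matches: "downloads" starts exactly at byte 13
                    b"GET /downloads/a.exe",          # no match: "downloads" starts at byte 5
                    b"GET /x/y/abcd/downloads"):      # no match: starts at byte 14, does not fit in 13..22
        print(payload, match_contents(payload, Q11_RULE))
    print(match_contents(b"123456789012sample", Q6_RULE))  # case-insensitive match after 12 bytes
```

Tracing the question 11 rule: "GET" is searched only in bytes 0..2, the cursor moves to byte 3, distance:10 moves the search start to byte 13, and within:9 with a 9-byte pattern leaves exactly one admissible position, so "downloads" must begin at byte 13. A payload with "downloads" one byte earlier or later does not match, which is why distance and within together express a fixed gap rather than "somewhere later".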

12. Define and differentiate false positive and false negative. Which is worse, and why? Give one example of each, drawn from any context that demonstrates your understanding of the terms.



Reviews

len2190643

12/10/2018 11:57:22 PM

I want an expert on information and system security with good English, plagiarism-free and with a report. Please follow the instructions as specified in the question. The test is worth 25% of your grade for the course. It is scored on the basis of 100 points for the test.

len2190643

12/10/2018 11:56:14 PM

When composing your answers to the essay questions, be thorough. Do not simply examine one alternative if two or more alternatives exist. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers, and describe how your answer would change if the assumptions were different. While composing your answers to the essay questions, be very careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references. In preparing your exam for submission, please follow these instructions precisely: 1. Use this document as a template, i.e., fill in your answers in the indicated locations. 2. Modify the header to show your name. 3. Submit your completed exam as a Microsoft Word or RTF document via your LEO

len2190643

12/10/2018 11:56:07 PM

You are to take this test during the week of 10. Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues, or your answers. You may use your notes, textbooks, other published materials, the LEO site for this class, and Internet sources, keeping in mind your responsibility to give proper attribution to sources of material you use in your responses. The test is worth 25% of your grade for the course. It is scored on the basis of 100 points for the test. For the short answer section, bear in mind that a clear concise response that directly answers the question asked is always preferable to providing large volumes of potentially relevant information in the hope that the “right” answer will somehow be included.
