Create the necessary ruleset to use within Snort to fire an alert

Reference no: EM13313447

Over the last two weeks we focused in our readings on specific ways in which network and host-based IDS tools could be used to identify different threats, look for interesting events, or monitor types of behavior. Your third homework assignment asks that you apply both your technical knowledge and your practical knowledge of IDS in order to come up with a way to monitor for a specific type of behavior. This assignment is also intended in part to highlight the potential for effective use of NIDS tools for detecting internal threats, despite the fact that some of your reading has suggested NIDS is poorly suited for this type of task.

The Scenario: Assume that you are a security analyst working for a medium-sized company where many employees use computers connected to the Internet (as well as to the internal company LAN of course) as part of their daily job functions. Your company has implemented an acceptable-use policy for all employees that includes a general prohibition on using company computing resources to conduct inappropriate activities, such as downloading copyrighted music and videos, participating in online gambling, visiting "adult-oriented" web sites, and posting sensitive company information to blogs, message boards, or similar sites. Your company is considering deploying content-filtering software to help enforce this policy, but is not sure whether the cost and potentially over-broad restrictions imposed by the software would be justified. As a knowledgeable security analyst, you voice an educated opinion that you can use Snort, the company's chosen NIDS tool, to help monitor network activity and provide information that might support a decision about whether content filtering software is warranted.

The Assignment: Pick a web site that fits one or more of the prohibited categories above (or something similarly likely to fall on the wrong side of "acceptable use"), and create the necessary ruleset to use within Snort to fire an alert whenever an attempt is made to connect to, access, browse, or otherwise visit the site you have chosen. Stated simply, you want to be alerted if any internal network user tries to access the site you have chosen. Set up your ruleset and your Snort configuration to load the rule in Snort. Then, with Snort running and including your ruleset, open a browser and visit the prohibited site you have chosen. Verify that your rule fires when this happens. Your completed homework assignment should contain the following:

1. The "unacceptable" site you selected.
2. The ruleset created to detect attempts to visit the site.
3. The Snort output produced when the rule fired and the alert was generated (a screenshot of the terminal window showing Snort running with console output or a copy of the ASCII log file is sufficient).
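A ruleset of the kind the assignment describes could look like the following. This is an added example, not part of the original assignment or an official solution. It assumes Snort 2.x rule syntax with the stock `$HOME_NET`, `$EXTERNAL_NET` and `$HTTP_PORTS` variables; the hostname `blocked.example`, the SIDs and the interface name are constructed placeholders.

```snort
# local.rules -- added example. blocked.example is a placeholder hostname.
# SIDs of 1000000 and above are the range used for local rules; values are constructed.
#
# Load from snort.conf with:
#   include $RULE_PATH/local.rules
# Run with alerts on the console (interface name is an assumption):
#   snort -A console -q -c /etc/snort/snort.conf -i eth0

# 1. DNS lookup for the site. DNS names travel as length-prefixed labels,
#    so "blocked.example" appears on the wire as |07|blocked|07|example|00|.
#    Fires even when the later web session is encrypted.
alert udp $HOME_NET any -> any 53 (msg:"POLICY DNS query for blocked.example"; content:"|07|blocked|07|example|00|"; nocase; classtype:policy-violation; sid:1000001; rev:1;)

# 2. Cleartext HTTP request naming the site after the Host header.
#    distance:0 only requires the hostname to follow "Host:", so a later
#    header that mentions the site (e.g. Referer) can also trigger it.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"POLICY HTTP request to blocked.example"; flow:to_server,established; content:"Host|3A|"; nocase; http_header; content:"blocked.example"; nocase; http_header; distance:0; classtype:policy-violation; sid:1000002; rev:1;)

# 3. HTTPS: the Host header is encrypted, but the TLS ClientHello carries the
#    hostname in the SNI extension when it is sent in cleartext.
#    |16 03| = handshake record, TLS major version 3;
#    byte 5 = |01| = handshake type ClientHello.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"POLICY TLS ClientHello SNI blocked.example"; flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; offset:5; depth:1; content:"blocked.example"; nocase; classtype:policy-violation; sid:1000003; rev:1;)
```

A single visit will usually raise the DNS alert plus either the HTTP or the TLS alert. A cached DNS answer or a resolver outside Snort's view suppresses rule 1, which is why the ruleset does not rely on one rule alone.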

