Certified Ethical Hacking

Lab #9 - Assessment Worksheet
Investigating and Responding to Security Incidents

Course Name and Number: CSS280-1501A-01 Ethical Hacking
Student Name: ***** ******
Instructor Name: ***** ******
Lab Due Date: 2/9/2015
Overview

In this lab, you acted as a member of the incident response team who had been assigned an incident response in the form of a help desk trouble ticket. You followed the phases of a security incident response to investigate the event, contain the malware, eradicate the suspicious files, re-test the system in readiness for returning it to service, and complete a detailed security incident response report in the provided template. You used AVG
You also used the OpenVAS scanning tool to scan the TargetSnort virtual machine to test the Snort configuration and see exactly what circumstances trigger an IDS alert.
Lab Assessment Questions & Answers

1. What is the difference between an IDS and an IPS?

The main difference is what each system does once it detects an attack, including the early phases of one (network scanning and port scanning).
* An Intrusion Detection System (IDS) is a passive, detective control. It watches traffic out of band (from a SPAN port or tap, for example), matches it against signatures and anomaly rules, and raises early-warning alerts for the systems administrators. Unlike an IPS, it does not sit in the traffic path and does not block attacks on its own.
* An Intrusion Prevention System (IPS) sits inline in the traffic path. It inspects the same attack data but can also act on it: dropping the packets, resetting the connection, or pushing a blocking rule to the corporate firewall, so the attack is stopped while it is developing and before it succeeds. The trade-off is that a false positive on an IPS blocks legitimate traffic, while on an IDS it only costs an analyst's time.

2. Why is it important to perform a network traffic baseline definition analysis?

So the administrator can ensure that the presence, absence, amount, direction,
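The two answers above, the alert-versus-block distinction and the need for a traffic baseline, as one added Python example that is not part of the original lab and is not Snort or OpenVAS code. A toy inline sensor counts distinct destination ports per source address in a sliding time window; its threshold is derived from a constructed window of normal traffic rather than guessed, and the same constructed port scan is then replayed once in IDS mode (alert only) and once in IPS mode (alert and drop further traffic from that source). All hosts, ports and connection records are made up for the example.

```python
"""Added example (not from the original lab): IDS vs IPS behaviour on a
port scan, with the detection threshold taken from a traffic baseline.
All addresses, ports and connection records below are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass(frozen=True)
class Conn:
    ts: float    # seconds
    src: str
    dst: str
    dport: int


@dataclass
class Sensor:
    """Flags a source that touches too many distinct destination ports
    within one window. mode='ids' only alerts; mode='ips' also blocks."""
    threshold: int
    window: float = 10.0
    mode: str = "ids"
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)
    _seen: dict = field(default_factory=lambda: defaultdict(list))

    def process(self, c: Conn) -> str:
        """Verdict for one connection: 'pass', 'alert' or 'drop'."""
        if c.src in self.blocked:
            return "drop"                       # IPS: source already blocked
        hist = self._seen[c.src] + [(c.ts, c.dport)]
        # keep only the events that fall inside the sliding window
        hist = [(t, p) for t, p in hist if c.ts - t <= self.window]
        self._seen[c.src] = hist
        distinct = {p for _, p in hist}
        if len(distinct) >= self.threshold:
            self.alerts.append((c.ts, c.src, len(distinct)))
            if self.mode == "ips":
                self.blocked.add(c.src)         # inline: stop the scan now
                return "drop"
            return "alert"                      # out of band: warn only
        return "pass"


def baseline_threshold(conns, window=10.0, k=3.0) -> int:
    """Distinct dports per (source, window) over normal traffic; threshold is
    mean + k*stdev rounded up, and at least 2 so one port never trips it."""
    buckets = defaultdict(set)
    for c in conns:
        buckets[(c.src, int(c.ts // window))].add(c.dport)
    counts = [len(ports) for ports in buckets.values()]
    return max(2, int(mean(counts) + k * pstdev(counts)) + 1)


# Constructed "normal" traffic: each host talks to one or two ports per window.
BASELINE = [
    Conn(0.0, "10.0.0.5", "10.0.0.10", 80),  Conn(1.0, "10.0.0.5", "10.0.0.10", 443),
    Conn(2.0, "10.0.0.6", "10.0.0.10", 80),  Conn(3.0, "10.0.0.7", "10.0.0.10", 22),
    Conn(11.0, "10.0.0.5", "10.0.0.10", 443), Conn(12.0, "10.0.0.6", "10.0.0.10", 80),
    Conn(13.0, "10.0.0.6", "10.0.0.10", 443), Conn(14.0, "10.0.0.7", "10.0.0.10", 22),
]
# Constructed scan window: 10.0.0.99 sweeps five ports, then a normal host resumes.
SCAN = [
    Conn(20.0, "10.0.0.99", "10.0.0.10", 21), Conn(20.1, "10.0.0.99", "10.0.0.10", 22),
    Conn(20.2, "10.0.0.99", "10.0.0.10", 23), Conn(20.3, "10.0.0.99", "10.0.0.10", 25),
    Conn(20.4, "10.0.0.99", "10.0.0.10", 80),
    Conn(21.0, "10.0.0.5", "10.0.0.10", 80),  Conn(22.0, "10.0.0.5", "10.0.0.10", 443),
]
THRESHOLD = baseline_threshold(BASELINE)    # 3 for the data above


def run(mode: str, threshold: int, conns):
    """Replay conns through a fresh sensor; return (verdicts, sensor)."""
    s = Sensor(threshold=threshold, mode=mode)
    return [s.process(c) for c in conns], s


if __name__ == "__main__":
    print("threshold from baseline:", THRESHOLD)
    for mode in ("ids", "ips"):
        verdicts, s = run(mode, THRESHOLD, SCAN)
        print(mode, verdicts, "alerts:", len(s.alerts), "blocked:", s.blocked)
```

In IDS mode every scan packet after the third still reaches the target and each one raises another alert; in IPS mode the first alert also blocks the source, so the rest of the scan is dropped before it completes. The normal host's two-port traffic stays below the baseline-derived threshold in both modes, which is the point of measuring the baseline first.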