Csec630 Lab 2 Essay

1121 Words5 Pages
Lab 2 – CSEC630

1. When running Snort IDS why might there be no alerts?

When using Snort IDS, there are several modes that if configured properly, will generate alerts. Alerts are set by the user within the command prompt when initiating a rule set. There are five alerting options available with Snort IDS. According to (Roesch, 1999), Alerts may either be sent to syslog, logged to an alert text file in two different formats, or sent as Win-Popup messages using the Samba smbclient program. If there has been no alerts, the selected rule set was set may not have been enabled by the user. Another scenario where alerts may not occur is when another task is being performed. According to (Roesch, 1999) when alerting is unnecessary
…show more content…
5. What are the advantages of using rule sets from the snort web site?
There are several advantages of using the existing rule sets already created on the Snort web site. One advantage of using the existing rules is that they have been created to work effectively against the common vulnerabilities. Creating your own rule sets require a working knowledge of Snort and having the outcome of the created rule may not yield the desired effect that the administrator is seeking.
6. Describe (in plain English) at least one type of rule set you would want to add to a high level security network and why?
A rule set that I would add to a high level network would be an app-detect rule. With this rule the traffic that occurs in various applications that deal with the network would be controlled. This is especially important because if an application within the network is compromised, it could be utilized to gain access to the network.
7. If a person with malicious intent were to get into your network and have read/write access to your IDS log or rule set how could they use that information to their advantage?
If someone with malicious intent was to gain read/write access to your IDS log or rule set, they could use that information to determine how your IDS was configured. Especially if detailed logging is set up. The information could provide the information of what rule sets are being utilized based on the

More about Csec630 Lab 2 Essay

Get Access