Lab2 Snort Essay

1318 Words6 Pages
Lab2- Snort and Wireshark Samba Lompo CSEC630 1. When running Snort IDS why might there be no alerts? There are couple reasons when running Snort IDS there might be no alerts. The first one could be related to settings because the administrator has to set Snort IDS to its optimum settings in order to get any alerts. Since Snort works by ruleset, it can be mistakenly set up to a port other than what the network is using. The mistake can be done by either keeping the Snort default settings, or when users try to adjust them to their own network requirements. The point is when changing Snort default settings to rules other than what the website provided, the administrator might have disabled a packet sniffing on a specific port…show more content…
Finally, gathering all this information would enable the network administrator adjust the IDS to attacks specific to the network. 4. What are the disadvantages of logging more information to the alerts file? The disadvantage of logging more information to the alerts file is that it would reveal all the weaknesses and defenses of the network to an attacker. Also having that information, the attacker can tailor his attack by using all other ports that are not being scanned by the IDS. Worst the system can be compromise without anyone noticing. 5. What are the advantages of using rule sets from the snort web site? The advantages of using rule sets from the Snort website is that Snort has a very flexible rule sets configuration which can enable the administrator to write his own rule sets based on previously seen vulnerability. This flexibility therefore can help the administrator insert new rule sets into the rule base for a newly found attack. Also each rule is developed and tested using the same rigorous credentials and standards the VRT uses for Sourcefire customers. 6. Describe (in plain English) at least one type of ruleset you would want to add to a high level security network and why? Couple of rules that can be added to a high level security network could be: Exploit Rules: This Rule is to detect direct exploits and generally if we are looking for a windows exploit, such as Veritas, etc, they

More about Lab2 Snort Essay

Get Access