Build an IDS signature using English terms and not technical terms. Explain how you would build an "IDS Signature" to help detect the following:
1) A host on the internet is performing recon across your subnet, looking for machines that are responsive. The hacker is using the simple tool of "ping" to do his/her recon.
2) A hacker on the internet is performing a port scan looking for active web servers (both un-secure and secure versions).
3) A user stumbles upon a wonderful application named nmap. They decide to do a little bit of ready about the product, and fires it up. While running the nmap tool they cross your subnet.
4) A user on your network has some extra time on their hands and decides to perform some web surfing from their desk. They stumble upon a web page that tells that about this great location in Florida and welcomes them to fly down. In one of the pictures of the resort, is an embedded vulnerability when viewed by a vulnerable system. With your security hat on, you find that this vulnerability always has the following hex string in the file: x00 x09 x01 x00 x01 x00 x00.