Question
When running Snort IDS why may there be no Alerts?
If we only went to a few web sites, why are there so several alerts?
What are benefits of logging more information in the alerts file
what the drawback of logging more information in the alerts file
what is the gain of using rule sets for Snort web site?
Explain in plain English at least one type of ruleset you would want to add a high level security network and why with reason?
If a person with malicious intent were to get to your network and have read or write access to your IDS log how might they use that information to their advantage
An intrusion prevention system be able to either wait until it has all of the information it needs, or be able to allow packets throughout based on statistics (guess or previously known facts) what are advantages and disadvantages of each approach?
So, bad guy decides to do a Denial of Service on your Intrusion Prevention System. At least two things can happen; the system can permit all traffic through (without being check) or be able to deny all traffic until the system comes back up. What are the factors that you must consider in making this design choice?
What did you find particularly useful about this lab (please be specific)? What if anything was complex to follow? What would you change to create it better?