The world has to deal with newly released vulnerabilities on a daily basis. These vulnerabilities eventually lead to active exploits of systems, and it is our job as cyber security professionals to stop that from happening.
I would like for each of you to research a set of (5) vulnerabilities have been release since Jan 1, 2008 and report back on(I should see 4 separate answers/signatures for each of the 5 vulnerabilities you choose):
1) What systems, services are affected;
2) What attack vectors could be used to exploit the vulnerable systems;
3) What mitigation factors could be used to stop the attack of the vulnerability;
THEN using what you have learned in the class
4) We are going to build IDS signatures using English terms and not technical terms. I would like for each of you to explain how you would build an "IDS Signature" to help detect each of the (5) vulnerabilities. Some basics of the IDS rules:
Source/Destination Ports
Source/Destination IP's
Source/Destination protocol
Unique detection string (network sensor)
Unique application behavior (Host sensor)
Location of sensor (Host or network)
Timed sensor
Multiple hits
Action (Alert, firewall block, log)
Exceptions
Take into consideration false positives and false negatives