The world has to deal with newly released vulnerabilities on a daily basis. These vulnerabilities eventually lead to active exploits of systems, and it is our job as cyber security professionals to stop that from happening.
I would like each of you to research a different set of (5) vulnerabilities that have been released since Jan 1, 2010 and report back on the following (I should see 4 separate answers/signatures for each of the 5 vulnerabilities you choose):
1) What systems, services are affected;
2) What attack vectors could be used to exploit the vulnerable systems;
3) What mitigation factors could be used to stop the attack of the vulnerability;
4) We are going to build IDS signatures using English terms and not technical terms. I would like for each of you to explain how you would build an "IDS Signature" to help detect each of the (5) vulnerabilities. Some basics of the IDS rules:
- Source/Destination Ports
- Source/Destination IPs
- Source/Destination protocol
- Unique detection string (network sensor)
- Unique application behavior (Host sensor)
- Location of sensor (Host or network)
- Timed sensor
- Multiple hits
- Action (Alert, firewall block, log)
- Exceptions
- Take into consideration false positives and false negatives
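As an added illustration (not part of the assignment or any course material), the rule fields listed above mapped onto a small matcher and run over constructed connection records; the protected segment 10.0.0.0/24, the detection string, the exception host and every sample record are made-up placeholders:

```python
import ipaddress
from collections import defaultdict

RULE = {  # constructed rule: every field is a made-up placeholder, named after the list above
    "proto": "tcp",
    "src": "0.0.0.0/0",           # any source
    "dst": "10.0.0.0/24",         # protected segment the network sensor watches
    "dports": {80, 443},
    "content": "/cgi-bin/test",   # unique detection string
    "threshold": 3, "window": 60, # multiple hits inside a timed window (seconds)
    "exceptions": {"10.0.0.50"},  # known internal scanner, excluded to cut false positives
    "action": "alert",            # alert / firewall block / log
}

def matches(rule, ev):
    """Static checks: protocol, ports, exception list, addresses, content string."""
    if ev["proto"] != rule["proto"] or ev["dport"] not in rule["dports"]:
        return False
    if ev["src"] in rule["exceptions"]:
        return False
    in_src = ipaddress.ip_address(ev["src"]) in ipaddress.ip_network(rule["src"])
    in_dst = ipaddress.ip_address(ev["dst"]) in ipaddress.ip_network(rule["dst"])
    return in_src and in_dst and rule["content"] in ev["payload"]

def run(rule, events):
    """Timed / multiple-hit logic; returns one (action, src, ts) tuple per firing."""
    recent, fired = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not matches(rule, ev):
            continue
        hits = [t for t in recent[ev["src"]] if ev["ts"] - t < rule["window"]]
        hits.append(ev["ts"])
        if len(hits) >= rule["threshold"]:
            fired.append((rule["action"], ev["src"], ev["ts"]))
            hits = []                      # one alert per burst, not one per packet
        recent[ev["src"]] = hits
    return fired

def rec(ts, src, dport, payload, proto="tcp"):
    return {"ts": ts, "proto": proto, "src": src, "dst": "10.0.0.8",
            "dport": dport, "payload": payload}

EVENTS = [  # constructed sample records, not captured traffic
    rec(0, "192.0.2.7", 80, "GET /cgi-bin/test HTTP/1.1"),
    rec(10, "192.0.2.7", 80, "GET /cgi-bin/test HTTP/1.1"),
    rec(20, "192.0.2.7", 443, "GET /cgi-bin/test HTTP/1.1"),       # 3rd hit in 60s -> alert
    rec(30, "10.0.0.50", 80, "GET /cgi-bin/test HTTP/1.1"),        # exception host, ignored
    rec(40, "192.0.2.9", 80, "GET /cgi-bin/test HTTP/1.1", "udp"), # wrong protocol
    rec(60, "192.0.2.9", 80, "GET /cgi-bin/test HTTP/1.1"),
    rec(200, "192.0.2.9", 80, "GET /cgi-bin/test HTTP/1.1"),       # outside the window
]
```

Calling run(RULE, EVENTS) fires once, for 192.0.2.7 at ts 20; the threshold and exception list are where false-positive tuning happens, while a too-specific content string is the usual source of false negatives.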