Assignment: Intrusion Detection and Intrusion Prevention
Part 1
1. Identify, describe, and compare the two primary methodologies used by network intrusion detection systems, that is, the two major ways in which NIDS tools work. In your analysis, describe at least three ways in which the two types of NIDS are similar and at least three ways in which they differ. (Minimum of two paragraphs for each answer.)
2. Identify and briefly describe the two major points of emphasis when developing rules (that is, how signatures are written) for signature-based network IDS tools. Is one approach preferred over the other? Explain why. (Minimum of two paragraphs for each answer.)
3. Describe what a preprocessor does in a network-based IDS such as Snort. Demonstrate your understanding of this functionality by citing two examples of preprocessors and explaining the function each serves in network traffic analysis and intrusion detection. (Minimum of two paragraphs for each answer.)
4. If an attacker knew that a network-based IDS such as Snort was running in a targeted environment, how might the attacker try to penetrate the network while avoiding detection? Provide at least two examples of IDS evasion techniques an attacker might use, and suggest a remedy or defense against each technique you cite. (Minimum of two paragraphs for each answer.)
5. Describe how a host-based intrusion detection system works, briefly contrasting it with network-based intrusion detection. Explain three types of threats that can be countered effectively with HIDS tools. (Minimum of two paragraphs for each answer.)
6. Examine the following screenshot of a short packet capture in Wireshark. Describe the sequence of packets exchanged between the two systems participating in the conversation. What sort of traffic has been captured? What action is occurring in the sequence shown on the screen? (Minimum of two paragraphs for each answer.)
Part 2: IDS Placement (20 points). Refer to the accompanying network diagram as you consider and respond to the following:
Global Corporation, Inc. (GCI) is a fictional company providing business services to a variety of clients across many industries, including commercial and government entities. GCI recently finished construction of a new corporate headquarters, which includes the network infrastructure for primary company operations. You are a security analyst specializing in intrusion detection, brought in by GCI to help determine the most appropriate kinds of IDS to use and the most effective IDS placements to protect its network.
GCI's network uses a conventional three-zone architecture: devices exposed to the Internet are part of an untrusted outer zone; Internet-accessible services such as the company website and email are in a demilitarized zone (DMZ); and major systems and servers supporting both Internet-facing and internal applications, as well as internal computing resources such as the corporate LAN, are in a trusted zone. Each zone is segmented from the others using hardware firewalls; the corporate databases are further protected behind their own dedicated firewall. GCI allows employees remote access to the corporate LAN using either VPN or dial-up connections.
Identify the locations throughout the GCI network where you would recommend that IDS be deployed. Each component in the accompanying GCI-HQ Network diagram is lettered to simplify your references to the diagram. For network connections between devices and layers, you may assume for the purposes of this exercise that all components in a given zone share the same network segment. For each placement you recommend, note the type of IDS to be deployed (network-based or host-based) and any specific considerations that should be taken into account to ensure effective monitoring of that location. (Minimum of four paragraphs for the answer.)
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. Citations and references should follow APA format. The reference page is not included in the required page length.
Attachment: Network-Diagram.rar