When running Snort IDS why might there be no Alerts?
If we only went to a few web sites, why are there so many alerts?
What are the advantages of logging more information in the alerts file
What the disadvantages of logging more information in the alerts file
What are the advantages of using rule sets for the Snort web site?
Describe in plain English at least one type of ruleset you would want to add a high level security network and why?
If a person with malicious intent were to get to your network and have read/write access to your IDS log how could they use that information to their advantage
An intrusion prevention system can either wait until it has all of the information it needs, or can allow packets through based on statistics (guess or previously known facts) what are the advantages and disadvantages of each approach?
So, the bad guy decides to do a Denial of Service on your Intrusion Prevention System. At least two things can happen; the system can allow all traffic through (without being check) or can deny all traffic until the system comes back up. What are the factors that you must consider in making this design decision?
What did you find particularly useful about this lab (please be specific)? What if anything was difficult to follow? What would you change to make it better?.