CSEC 640: Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing

A revised lab manual for CSEC 640, focusing on monitoring, auditing, intrusion detection, and penetration testing in cybersecurity.

Claire Mitchell
Contributor
Preview (5 of 14 Pages)
1. Using Snort and Wireshark, analyze a packet trace file to detect network intrusions. Write six distinct Snort rules and explain each rule's functionality, including the alert generated for each. (Word count requirement: 300-350 words)

2. Discuss the purpose of the various flags used in the Snort command: snort -r snort.out -P 5000 -c csec640.rules -e -X -v -k none -l log (Word count requirement: 150-200 words)

3. Review the Gimmiv.A exploit and discuss the vulnerabilities it targets and suggest possible mitigation strategies. (Word count requirement: 200-250 words)
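The rules file below is an added illustration written for this editing pass; it is not part of the lab manual and is not the csec640.rules file the course distributes. It shows six rules of the kind question 1 asks for, each with a comment stating the traffic it fires on, and the usage note afterwards covers the command-line flags question 2 asks about. The HOME_NET value and every sid are assumptions (sids at or above 1000000 are the conventional range for locally written rules); example.com in the last rule is a placeholder name.

```snort
# local.rules: six constructed example rules (not the course's csec640.rules).
# HOME_NET is an assumption; narrow it to the lab subnet if the trace shows one.
var HOME_NET any

# 1. ICMP echo request (ping sweep reconnaissance): ICMP type 8 is Echo Request.
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000001; rev:1;)

# 2. TCP SYN to port 23: a connection attempt to a cleartext Telnet service.
alert tcp any any -> $HOME_NET 23 (msg:"LOCAL Telnet connection attempt"; flags:S; sid:1000002; rev:1;)

# 3. TCP NULL scan: a segment with no flags set, which no normal stack sends.
alert tcp any any -> $HOME_NET any (msg:"LOCAL TCP NULL scan"; flags:0; sid:1000003; rev:1;)

# 4. TCP Xmas scan: FIN, PSH and URG set together (what nmap -sX sends).
alert tcp any any -> $HOME_NET any (msg:"LOCAL TCP Xmas scan"; flags:FPU; sid:1000004; rev:1;)

# 5. HTTP request payload containing "../": a directory traversal attempt.
alert tcp any any -> $HOME_NET 80 (msg:"LOCAL HTTP directory traversal"; content:"../"; sid:1000005; rev:1;)

# 6. DNS query for the placeholder name example.com, matched as the wire-format
#    label sequence (length byte, label, ...) to show binary content matching.
alert udp any any -> $HOME_NET 53 (msg:"LOCAL DNS query for example.com"; content:"|07|example|03|com|00|"; sid:1000006; rev:1;)
```

Run the file against the trace with the same form of command as in question 2, for example snort -r snort.out -c local.rules -l log -k none. Here -r reads the saved trace instead of sniffing an interface, -c loads the rules file, -l names the directory that receives the alert file and packet logs, and -k none disables checksum verification so that packets with bad or offloaded checksums are still matched rather than silently discarded. The lab's command additionally passes -P 5000 (the snaplen), -e (print link-layer headers), -X (hex and ASCII dump of each packet) and -v (verbose packet printing); those three display flags are for human inspection and produce a lot of output on a large trace. Each matching packet produces one entry in log/alert carrying the msg string of the rule that fired, which is the "alert generated" that question 1 asks you to explain.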
Lab Exercise #2: Working with Snort & Wireshark for Intrusion Detection

Abstract: This lab is intended to provide experience with the Snort and Wireshark programs. Snort is a simple and powerful network monitoring agent. We will provide you with a packet trace and you will write Snort rules to identify specific packet types.

I. Tools required for this lab:
Access to the UMUC-VM machine with Snort and Wireshark installed.
The packet trace, snort.out, available from the UMUC-VM site.

II. Pre-lab Background:
Below is suggested background reading to help you complete the questions:
Wireshark homepage: http://www.wireshark.org/
Specifically, the FAQ and the Documentation links:
http://www.wireshark.org/faq.html
http://www.wireshark.org/docs/
Snort homepage: http://www.snort.org
Snort FAQ: http://www.snort.org/snort/faq/
Snort Overview: https://www.procyonlabs.com/snort_manual/2.9/node2.html
(If the above link is broken, then Google-search the following document: Snort User Manual 2.9.0 by the Snort Project, published in Dec 2010.)
How to Write Snort Rules and Keep Your Sanity:
http://biblio.l0t3k.net/ids/en/snort-users-manual/chap2.html
http://searchsecurity.techtarget.com/tip/Modifying-and-writing-custom-Snort-IDS-rules
The "Modifying and writing custom Snort IDS rules" document above is an especially helpful reference for writing the Snort rules needed for this lab.

Step 1. Read the step-by-step instructions in CyberlabVPNAccess640.doc to access the VPN.
Step 2. Read the step-by-step instructions in CyberlabVMAccess640.docx to connect to the VM.

III. Lab Exercises: Snort

3.1 Please complete the following exercises. You are required to submit a lab write-up containing answers to the questions asked for each task.

Snort is similar to tcpdump, but has cleaner output and a more versatile rule language. Just like tcpdump, Snort will listen on a particular interface, or read a packet trace from a file.

You will be using a previously captured trace file (snort.out). Commonly, security administrators are asked to look at a packet trace to analyze a recent attack. In this lab, we are going to examine this trace file within Wireshark and learn how to use Snort to read traces and to write new Snort rules. The trace doesn't contain a particular attack in progress, but instead several different distinct types of questionable packets.

Start Wireshark on your virtual machine from the Start menu.

Next, click on the Open option under the Files header in the middle of the screen, and select c:\snort\bin\snort.out in the open dialog.

Wireshark will display the packets in the trace file listed in rows in three panes. The top pane contains an overview of the trace file. The middle pane shows details for