Intrusion detection systems are designed to search network activity (we are considering both host-based and network-based IDS detection) for evidence of malicious abuse. When an IDS algorithm “detects” some activity that turns out not to be malicious or suspicious, the detection is known as a false positive. It is important to realize that, from the IDS’s perspective, it is not doing anything incorrectly: its algorithm is not making a mistake, it is simply not perfect, because IDS designers make many assumptions about what a network attack looks like.
An example assumption is to look for extremely long URLs. Typically, a URL is only about 500 bytes long, so an IDS may be configured to treat any URL longer than 2000 bytes as a possible denial of service attack. A false positive can result when a complex e-commerce website stores a wide variety of information in the URL and legitimately exceeds 2000 bytes.
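The long-URL heuristic described above, as an added example that is not part of the original lab text: constructed log lines, host names and the ground-truth labels are assumptions for illustration. It shows the rule firing on both a real oversized URL and a legitimate e-commerce URL, and how a per-host exemption removes the false positive at the cost of a blind spot on that host.

```python
"""Long-URL detection heuristic and the false positive it produces (added example)."""
from dataclasses import dataclass

URL_LENGTH_THRESHOLD = 2000  # threshold quoted in the text


@dataclass
class Request:
    src_ip: str
    host: str
    url: str


def parse_access_log(lines):
    """Parse constructed lines of the form: <src_ip> <host> "<METHOD> <url> <version>"."""
    requests = []
    for line in lines:
        src_ip, host, rest = line.split(" ", 2)
        _method, url, _version = rest.strip('"').split(" ", 2)
        requests.append(Request(src_ip, host, url))
    return requests


def long_url_alerts(requests, threshold=URL_LENGTH_THRESHOLD, exempt_hosts=frozenset()):
    """Flag every request whose URL exceeds the threshold, unless its host is exempt.
    Exempting a host hides real long-URL attacks against it as well, so tune narrowly."""
    return [r for r in requests if len(r.url) > threshold and r.host not in exempt_hosts]


def evaluate(alerts, malicious_ips):
    """Return (true_positives, false_positives) against labelled ground truth."""
    tp = sum(1 for a in alerts if a.src_ip in malicious_ips)
    return tp, len(alerts) - tp


# Constructed traffic: a typical short URL, a legitimate shopping-cart URL whose
# query string carries 150 items (about 2.3 KB), and an attacker-sized 3 KB URL.
SAMPLE_LOG = [
    '10.0.0.5 www.example.test "GET /index.html HTTP/1.1"',
    '10.0.0.7 shop.example.test "GET /cart?'
    + "&".join(f"item{i}=sku{i:04d}" for i in range(150)) + ' HTTP/1.1"',
    '203.0.113.9 www.example.test "GET /' + "A" * 3000 + ' HTTP/1.1"',
]
MALICIOUS_IPS = {"203.0.113.9"}  # constructed ground truth: only the 3 KB URL is an attack


def run(exempt_hosts=frozenset()):
    """Apply the heuristic to the sample log and score it."""
    alerts = long_url_alerts(parse_access_log(SAMPLE_LOG), exempt_hosts=exempt_hosts)
    return evaluate(alerts, MALICIOUS_IPS)


if __name__ == "__main__":
    print("untuned:", run())                                    # (1, 1): one false positive
    print("tuned:  ", run(exempt_hosts={"shop.example.test"}))  # (1, 0)
```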
In order to become an expert penetration tester and security administrator, you must possess sound knowledge of network intrusion prevention systems (IPSes) and intrusion detection systems (IDSes), be able to identify malicious network activity and log information, and stop or block malicious network activity.
The objective of this lab is to help students learn and understand IPSes and IDSes. In this lab, you need to:
Detect hackers and worms in a network
Provide network security
In this lab, you have learned how to use encrypting/decrypting commands and how to generate hashes and checksum files. Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.