Intrusion Detection And Intrusion Prevention

Instructions

Wherever possible, make sure answers are stated in your own words, and where applicable provide your own examples, rather than repeating the ones used in the course materials. When composing your answers, be thorough. Do not simply examine one alternative if two or more alternatives exist. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers and describe how your answer would change if the assumptions were different.

While composing your answers, be VERY careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references. Must be written in American writing style.

Please refer to the accompanying network diagram as you consider and respond to the following:

(GCI) is a fictional company providing business services to a variety of clients across many industries, including commercial and government entities. GCI recently finished construction of a new corporate headquarters, which includes the network infrastructure for primary company operations. You are a security analyst specializing in intrusion detection brought in by GCI to help determine the most appropriate kinds of IDS to use and most effective IDS placements to protect their network.

GCI’s network uses a conventional three-zone architecture: devices exposed to the Internet are part of an un-trusted outer zone; Internet-accessible services such as the company website and email are in a demilitarized zone; and major systems and servers supporting both Internet-facing and internal applications, as well as internal computing resources such as the corporate LAN, are in a trusted zone. Each of these zones is segmented from the others using hardware-based firewalls; the corporate databases are further protected behind their own dedicated firewall. GCI allows employees remote access to the corporate LAN using either VPN or dial-up connections.

Identify the locations throughout the GCI network where you would recommend IDS to be deployed. Each of the components in the accompanying GCI-HQ Network diagram is lettered to simplify your references to the diagram. For network connections between devices and layers, you may assume for the purposes of this exercise that all components in a given zone share the same network segment. For each placement you recommend, please note the type of IDS to be deployed and any specific considerations that should be taken into account to ensure the effective monitoring of the location.

(120 words each) completely and cite all sources of information.

1. Describe factors you need to consider in making a decision on whether an IDS needs to be deployed in a home network or not. Please give a detailed explanation on each factor.

2. When you are placing an NIDS sensor in a network with a firewall, there are 2 choices – placing it before a firewall (i.e., on internet-side) vs. after a firewall (i.e., on local network side). Provide pros and cons of each approach.

3. Examine the following screenshot of a short packet capture in Wireshark. Describe the sequence of packets exchanged between the two systems participating in the conversation. What sort of traffic has been captured? What is happening in the sequence shown on the screen? Please provide as much detail as possible for each packet.

4. Describe how host-based intrusion detection works, briefly contrasting it with network-based intrusion detection. Explain three types of threats against which HIDS is particularly effective.