CS 450/650 Fundamentals of Integrated Computer Security

Spring 2012

Lab 1: Intrusion Detection and Prevention Systems

Due on Monday, Mar 12 at 11:00 am

Make sure you read the Intrusion Detection chapter posted on WebCampus.

Complete the 1st lab exercise posted on WebCampus and, where applicable, insert snapshots of your configuration to answer the in-lab questions.


Additional In-Lab Questions

  1. What would the Snort configuration line be to monitor the 192.168.15.0/16 network?
  2. What would the Snort configuration line be to monitor the 192.168.15.15/16 host?
  3. What would the rule header be for Snort to ignore a packet?
  4. What would the Snort rule be to log traffic from any IP address and port to port 23 on the host 192.168.1.15?

Post-Lab Questions

Complete the following problems from the book.

Chapter 8: 2, 4 and 7

Chapter 9: 1, 3, 4, 5, 6, 7 and 11


What to turn in

A soft copy of your results and answers to the questions, to be uploaded to WebCampus.