1. When running Snort IDS why might there be no alerts?
When using Snort IDS, there are several modes that, if configured properly, will generate alerts. Alerts are set by the user at the command prompt when initiating a rule set. There are five alerting options available with Snort IDS. According to Roesch (1999), alerts may either be sent to syslog, logged to an alert text file in two different formats, or sent as WinPopup messages using the Samba smbclient program. If there have been no alerts, the selected rule set may not have been enabled by the user. Another scenario where alerts may not occur is when another task is being performed. According to Roesch (1999), when alerting is unnecessary …
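A small checker for the causes discussed above (alerting switched off on the command line, or a rule set that was never enabled), added here as an example and not taken from the original essay. It assumes a Snort 2.x-style invocation (`-c` for the config file, `-A` for the alert mode) and `include ... .rules` lines in snort.conf; the function name `diagnose` and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample snort.conf fragment (not from the original page).
SAMPLE_CONF = """\
var RULE_PATH /etc/snort/rules
include $RULE_PATH/local.rules
# include $RULE_PATH/scan.rules
#include $RULE_PATH/web-attacks.rules
"""


def diagnose(cmdline, conf_text):
    """Return (reasons, enabled, disabled) for a Snort invocation.

    reasons  - why this run may produce no alerts
    enabled  - rule files included by the config
    disabled - rule files whose include line is commented out
    """
    args = shlex.split(cmdline)
    reasons = []

    # Without -c no rules are loaded: Snort only sniffs or logs packets.
    has_config = "-c" in args
    if not has_config:
        reasons.append("no -c <config>: sniffer/packet-logger mode, no rules loaded")

    # -A selects the alert mode; "none" turns alerting off entirely.
    if "-A" in args:
        i = args.index("-A")
        mode = args[i + 1] if i + 1 < len(args) else ""
        if mode == "none":
            reasons.append("-A none: alerting is disabled")

    # Sort rule-file includes into active and commented-out.
    enabled, disabled = [], []
    for line in conf_text.splitlines():
        stripped = line.strip()
        commented = stripped.startswith("#")
        body = stripped.lstrip("#").strip()
        if body.startswith("include ") and body.endswith(".rules"):
            (disabled if commented else enabled).append(body.split()[-1])

    if has_config and not enabled:
        reasons.append("no rule files enabled in config")
    return reasons, enabled, disabled


if __name__ == "__main__":
    cmd = "snort -i eth0 -c /etc/snort/snort.conf -A none"
    print(diagnose(cmd, SAMPLE_CONF))
```

The `disabled` list is worth reading even when `reasons` is empty: traffic that only a commented-out rule set would match will pass without an alert.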
An advantage of an IPS allowing packets through based on statistics is that additional rules could be added to block any traffic attempting to exploit a vulnerability as it occurs. A disadvantage of allowing packets through is the same as that of allowing packets through until the IPS has what it needs: packets that reach the network could create additional vulnerabilities.
9. So, the “bad guy” decides to do a Denial of Service on your Intrusion Prevention System.
At least two things can happen: the system can allow all traffic through (without being checked) or it can deny all traffic until the system comes back up. What are the factors that you must consider in making this design decision?
One of the factors to consider if all network traffic is allowed to get through is that the network would be