+
EXAMINE THE FOLLOWING SNORT RULE, DESIGNED TO DETECT...

EXAMINE THE FOLLOWING SNORT RULE, DESIGNED TO DETECT...

Rating:
Rating
(0)
Author: Carol 96
Description:

http://theperfecthomework.com/examine-the-following-snort-rule-designed-to-detect-attempts-by-an-organizations-employees-to-access-a-gambling-website-in-violation-of-acceptable-use-policy/

EXAMINE THE FOLLOWING SNORT RULE, DESIGNED TO DETECT ATTEMPTS BY AN ORGANIZATION’S EMPLOYEES TO ACCESS A GAMBLING WEBSITE IN VIOLATION OF ACCEPTABLE USE POLICY.

Examine the following Snort rule, designed to detect attempts by an organization’s employees to access a gambling website in violation of acceptable use policy. This rule is syntactically valid and will produce alerts when a user visits the Powerball lottery website with a web browser. With an eye towards minimizing false positives, identify five ways the rule could be improved to more specifically target employees accessing the Powerball website.
 
alert ip any any -> $EXTERNAL_NET any (msg:”Acceptable use violation – Gambling – Powerball”; flow:stateless; content:”powerball”; nocase; sid:3333333; rev:1;)


(more)
See More
Try a College Course Free

Sophia’s self-paced online courses are a great way to save time and money as you earn credits eligible for transfer to over 2,000 colleges and universities.*

Begin Free Trial
No credit card required

25 Sophia partners guarantee credit transfer.

221 Institutions have accepted or given pre-approval for credit transfer.

* The American Council on Education's College Credit Recommendation Service (ACE Credit®) has evaluated and recommended college credit for 20 of Sophia’s online courses. More than 2,000 colleges and universities consider ACE CREDIT recommendations in determining the applicability to their course and degree programs.

Tutorial