Post-Lab Questions
Please enter the answers to these questions into your lab notebook.
1. Intrusion detection and anti-virus systems come with signature
sets installed. Why is it important to keep signatures
updated?
2. False alarms occur when an IDS indicates an attack has taken
place when it really hasn't (false positive) or when a real
attack takes place for which no alarm is raised. Which is
worse (explain)?
3. Firewalls can be set to be inclusive or exclusive. Describe
and compare both modes.
4. If you were an adversary and wanted to avoid being detected by
an IDS, what might you do?
5. If you were a security analyst and knew that your adversaries
were trying to avoid being detected, what might you do?