CS638 Lab 6: Post-Lab



Post-Lab Questions

Please enter the answers to these questions into your lab notebook.


1. Intrusion detection and anti-virus systems come with signature sets installed. Why is it important to keep signatures updated?

2. An IDS can err in two ways: it indicates an attack has taken place when it really hasn't (false positive), or a real attack takes place for which no alarm is raised (false negative). Which is worse (explain)?

3. Firewalls can be set to be inclusive or exclusive. Describe and compare both modes.

4. If you were an adversary and wanted to avoid being detected by an IDS, what might you do?

5. If you were a security analyst and knew that your adversaries were trying to avoid being detected, what might you do?

Copyright © WAIL 2006