Assets and attacks prevention, detection, and deterrence
Intrusion detection (Exercise 4.16)
This lab demonstrates the use of an intrusion detection system to detect malicious behaviour such as attacks against vulnerable services, applications and the host system itself. We use a tool called Snort. The exercise is done in pairs, i.e. one attacker and one defender.
Report:
- Record the target IP address. How does Snort signify the source and destination addresses on the defender's console?
- What rule did you write to log attempts to connect to HTTP from any host not on your network?
- What does your log file reveal?
An alternative version of this lab is on this page.
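The matching logic behind the kind of rule the second report question asks for, as an added example that is not part of the lab page. The assumed rule is `alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"HTTP from outside HOME_NET"; flags:S; sid:1000001; rev:1;)` (use the `log` action instead of `alert` if you only want the packets logged); the HOME_NET range 10.0.0.0/24, the sid and the packets below are all constructed for illustration, not taken from the lab.

```python
"""Added example: the matching semantics of a Snort rule that flags HTTP
connection attempts from outside the defender's network.

Assumed rule (placeholders you set for your own lab):
  alert tcp !$HOME_NET any -> $HOME_NET 80
        (msg:"HTTP from outside HOME_NET"; flags:S; sid:1000001; rev:1;)
"""
import ipaddress

# Assumption: the defender's LAN; Snort reads this from the HOME_NET variable.
HOME_NET = [ipaddress.ip_network("10.0.0.0/24")]
HTTP_PORTS = {80}

# Constructed sample packets (not a capture): (proto, src, sport, dst, dport, tcp_flags)
PACKETS = [
    ("tcp", "10.0.0.7",     51000, "10.0.0.2",    80,    "S"),   # inside -> inside: ignored
    ("tcp", "203.0.113.9",  40000, "10.0.0.2",    80,    "S"),   # outside -> inside SYN: alert
    ("tcp", "203.0.113.9",  40000, "10.0.0.2",    80,    "A"),   # later ACK of the same flow: not a new attempt
    ("tcp", "198.51.100.4", 33333, "10.0.0.2",    22,    "S"),   # outside -> ssh: not this rule's port
    ("udp", "198.51.100.4", 33333, "10.0.0.2",    80,    ""),    # udp/80: rule header says tcp
    ("tcp", "10.0.0.2",     80,    "203.0.113.9", 40000, "SA"),  # reply leaving HOME_NET: direction mismatch
]


def in_home_net(addr):
    """True if addr falls inside any HOME_NET range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOME_NET)


def matches_rule(pkt):
    """Mirror the rule header (proto, !$HOME_NET -> $HOME_NET, port 80) and flags:S."""
    proto, src, sport, dst, dport, flags = pkt
    return (proto == "tcp"
            and not in_home_net(src)   # !$HOME_NET  (negated source)
            and in_home_net(dst)       # -> $HOME_NET (directional arrow)
            and dport in HTTP_PORTS    # destination port 80
            and flags == "S")          # flags:S  only the initial SYN, not the rest of the flow


def alerts(packets, sid=1000001, msg="HTTP from outside HOME_NET"):
    """Return alert lines in the source:port -> destination:port order Snort prints."""
    out = []
    for pkt in packets:
        if matches_rule(pkt):
            proto, src, sport, dst, dport, _ = pkt
            out.append(f"[1:{sid}:1] {msg} {{{proto.upper()}}} {src}:{sport} -> {dst}:{dport}")
    return out


if __name__ == "__main__":
    for line in alerts(PACKETS):
        print(line)
```

Only the outside SYN to port 80 fires. The `flags:S` option is what keeps one scan from producing an alert for every packet of the connection, and the negation on the source address is what restricts the rule to hosts not on your network; in Snort's console output the addresses appear as `source:port -> destination:port`, which is what the first report question asks you to observe.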
Attack surface reduction (Exercise 4.6)
This exercise demonstrates attack surface reduction, i.e. limiting access to services and functionality that are not currently in use.
Report:
- Why do we deny SSH access to the root account?
- In BIND hardening, why do we restrict the allow-transfer and version options?
- What other system options can be restricted to harden the system further?
An alternative version of this lab is on this page.
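The two settings the report questions ask about, shown in their weak and hardened forms and checked by a small audit, as an added example that is not part of the lab page. The sshd_config and named.conf fragments, the secondary address 10.0.0.2 and the finding texts are all constructed for illustration.

```python
"""Added example: audit the sshd and BIND settings this exercise covers.
All config text below is constructed; it is not taken from any lab host."""
import re

WEAK_SSHD = """\
# constructed sshd_config, before hardening
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARD_SSHD = """\
# constructed sshd_config, hardened: root never logs in over ssh, keys only
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

WEAK_NAMED = """\
// constructed named.conf, before hardening:
// any host may pull the whole zone (AXFR) and read the server version
options {
    directory "/var/named";
};
"""

HARD_NAMED = """\
// constructed named.conf, hardened
options {
    directory "/var/named";
    allow-transfer { 10.0.0.2; };   // assumed secondary; nobody else gets AXFR
    version "not disclosed";        // hide the real version from version.bind queries
    recursion no;
};
"""


def sshd_setting(text, key):
    """sshd uses the first occurrence of a keyword; return its value or None if unset."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == key.lower() and len(parts) == 2:
            return parts[1].strip()
    return None


def named_option(text, name):
    """Return the value of a named.conf statement (a {...} list or a scalar), or None.
    Toy parser: it does not scope the match to the options{} block."""
    pat = r"^\s*%s\s+(\{[^}]*\}|[^;]*);" % re.escape(name)
    m = re.search(pat, text, re.M)
    return m.group(1).strip() if m else None


def audit(sshd_text, named_text):
    """Return a list of findings; an empty list means the checked settings are hardened."""
    findings = []
    prl = sshd_setting(sshd_text, "PermitRootLogin")
    if prl is None or prl.lower() not in ("no", "prohibit-password", "without-password"):
        findings.append(f"sshd: PermitRootLogin is {prl!r}; set it to 'no' so root cannot be brute-forced remotely")
    if sshd_setting(sshd_text, "PasswordAuthentication") != "no":
        findings.append("sshd: PasswordAuthentication not disabled; use keys only")
    xfer = named_option(named_text, "allow-transfer")
    if xfer is None or "any" in xfer:
        findings.append(f"bind: allow-transfer is {xfer!r}; list only your secondaries")
    if named_option(named_text, "version") is None:
        findings.append("bind: version not overridden; the real BIND version is disclosed")
    return findings


if __name__ == "__main__":
    print("weak:", audit(WEAK_SSHD, WEAK_NAMED))
    print("hardened:", audit(HARD_SSHD, HARD_NAMED))
```

Denying root over SSH removes the one account name every attacker already knows from the remote brute-force target list; restricting allow-transfer stops outsiders from pulling a full zone listing of your hosts, and overriding version denies them the exact BIND release to look up in an exploit database. You can confirm the last two from another host with `dig @server example.com axfr` and `dig @server version.bind chaos txt`.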