
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [117]

start YaST.

2. Choose Software and then Install and Remove Software. Search for snort.

3. Check the box when the package appears.

4. Click Accept. If any dependency messages appear, click Continue to add them as well.

5. Swap CDs as prompted and exit YaST upon completion.

6. To use the snort utility, open a terminal session and type snort. This generates an error message that lists all the options that you can use with the utility.

Lab 4.4: Make File Extensions Visible in Windows XP

By default, the extensions for known file types do not appear in many Windows-based operating systems, such as Windows XP. Knowing what the extension is, however, can help you readily identify what type of file it is—executable, document, and so on. To make file extensions visible, follow these steps:

1. Click Start > Control Panel > Folder Options.

2. Choose the View tab.

3. Choose the Show Hidden Files and Folders radio button.

4. Deselect the Hide Extensions for Known File Types check box.

5. Click OK and exit from Control Panel. You’ll now be able to see the extensions on filenames.
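The two options changed in steps 3 and 4 can also be checked from a script, which is useful when the same setting has to be verified on several accounts. The following is an added example, not part of the book: it assumes PowerShell is installed (an add-on for Windows XP) and that Folder Options stores these choices in the per-user `Hidden` and `HideFileExt` registry values under the Explorer `Advanced` key.

```powershell
# Added example: audit (and with -Fix, set) the Explorer options from Lab 4.4
# for the currently logged-on user.
param([switch]$Fix)

# Per-user Explorer settings written by the Folder Options > View tab.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Desired state after completing the lab.
$desired = @{
    Hidden      = 1   # step 3: 1 = show hidden files and folders, 2 = do not show
    HideFileExt = 0   # step 4: 0 = show extensions for known file types, 1 = hide
}

$drift = 0
foreach ($name in $desired.Keys) {
    # A missing value yields $null, which never equals the desired number,
    # so an unset option is reported as drift as well.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($current -eq $desired[$name]) {
        Write-Output "OK     $name = $current"
        continue
    }

    $drift++
    Write-Output "DRIFT  $name = '$current' (expected $($desired[$name]))"

    if ($Fix) {
        Set-ItemProperty -Path $key -Name $name -Value $desired[$name]
        Write-Output "FIXED  $name -> $($desired[$name])"
    }
}

# Exit code = number of settings that differed, so the script can serve
# as a simple compliance check in a logon script or scheduled task.
exit $drift
```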

Lab 4.5: Monitor Network Traffic in Linux


There are a number of ways in which network traffic can be monitored, but the best approach is to use ntop. The following steps install this utility and illustrate its usage on a SuSE server:

1. Log in as root and start YaST.

2. Choose Software and then Install and Remove Software. Search for ntop and choose to install the package.

3. Exit YaST upon completion of the installation.

4. Open a terminal session and type rcntop start to start the ntop daemon. A message appears that states that the administrator password has not yet been set.

5. Type ntop -A -u wwwrun.

6. Enter a password for the administrative user. Reenter the password when prompted. Check to see if ntop is running (ps -ef | grep ntop). If it is not, repeat the command in step 5.

7. Open Konqueror and go to http://localhost:3000.

8. On the first line of ntop, pick All Protocols.

9. On the second line, pick Traffic, and you will see a summary of all traffic that has occurred since the program has been running. Select Throughput and Activity to gather statistics on those items.

10. You can log the data (Admin, Log) and shut down ntop (Admin, Shutdown) from this interface as well.

Review Questions


1. Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)

a. Network sniffer

b. NIDS

c. HIDS

d. VPN

2. You’re the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities?

a. Network sniffer

b. NIDS

c. HIDS

d. VPN

3. Which of the following is an active response in an IDS?

a. Sending an alert to a console

b. Shunning

c. Reconfiguring a router to block an IP address

d. Making an entry in the security audit file

4. A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network?

a. MD-IDS

b. AD-IDS

c. HIDS

d. NIDS

5. Which IDS function evaluates data collected from sensors?

a. Operator

b. Manager

c. Alert

d. Analyzer

6. During the creation of a new set of policies and procedures for network usage, your attention turns to role definition. By default, which of the following roles is responsible for reporting the results of an attack to a system operator or administrator?

a. Alert

b. Manager

c. Analyzer

d. Data source

7. What is a system that is intended or designed to be broken into by an attacker called?

a. Honeypot

b. Honeybucket

c. Decoy

d. Spoofing system

8. An emergency
