SEC450 ACL Tutorial
This document highlights the most important Access Control List (ACL) concepts you
need in order to configure ACLs from the CLI. It does not try to cover every ACL
application, only the scenarios used in the SEC450 iLabs.
Introduction to Access Control List
A host-based firewall essentially works by closing and opening ports on a computer.
The engine behind a firewall is built from Access Control Lists (ACLs).
Network-based firewalls are implemented in purpose-built appliances and in routers.
A router firewall filters packets as they pass through an interface and either
permits or denies them.
Ports are layer-4 addresses defined by the TCP/IP protocol suite; they identify the
networking processes (services on servers, applications on clients) that send and
receive the traffic.
ACLs are configured with platform-specific commands. In Cisco IOS, the access-list
command creates an ACL in global configuration mode and the ip access-group command
applies it to an interface, in either the inbound or the outbound direction.
An ACL is identified by a number or by a name. Naming an ACL is useful for
documenting its purpose.
ACLs are classified as Standard ACLs and Extended ACLs.
Standard ACLs use numbers 1 to 99; Extended ACLs use numbers 100 to 199. (IOS also
accepts the expanded ranges 1300 to 1999 and 2000 to 2699, which the iLabs do not need.)
A Standard ACL filters only on the source IP address of an IP packet. Hence a
standard ACL permits or denies every IP packet from a given source address,
regardless of upper-layer protocol, destination IP address or port. Example 1:
Router(config)#access-list 8 deny host 172.12.3.5
An Extended ACL filters on protocol, source IP address, source port number,
destination IP address and destination port number.
Example 2: Router(config)#access-list 102 deny tcp host 10.0.3.2 host 172.129.4.1
Deny TCP packets with source IP address 10.0.3.2 and destination IP address
172.129.4.1.
Since a Standard ACL matches only on the source IP address, the rule is to apply it
on an interface as close as possible to the destination network it protects; applied
near the source it would also cut off traffic to destinations that should stay reachable.
Conversely, the rule for an Extended ACL is to apply it on an interface as close as
possible to the source, so that unwanted traffic is dropped before it crosses the network.
Use Extended ACLs in all iLabs, as they give finer control over which packets are filtered.
Create Extended ACL in global configuration
The access-list command accepts the port operators lt, gt, eq, neq and range (less
than, greater than, equal, not equal, range of ports) to match on port numbers. The
operator applies to the address it follows: placed after the source address it matches
the source port, placed after the destination address it matches the destination port.
Example 3: access-list 102 deny tcp any host 11.23.45.7 gt 20 denies all TCP
packets from any source IP address to destination IP address 11.23.45.7 with a
destination TCP port greater than 20.
Example 4: access-list 107 permit udp any any permits all UDP packets from any
source IP address to any destination IP address.
Entries are evaluated from the top; the first entry that matches a packet decides its
fate, and every ACL ends with an implicit deny any. An ACL that contains only deny
statements therefore blocks all traffic on the interface it is applied to, and a broad
permit placed above a more specific deny makes that deny unreachable.
The Extended ACL syntax is as follows:
access-list <#> <permit|deny> <protocol> ...
A named extended ACL is created with ip access-list extended <name>, after which each
entry is typed without the access-list <#> prefix.
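Added worked example, not part of the original tutorial and not Cisco code: a small Python model of how IOS evaluates an extended ACL against a packet. It implements the wildcard masks, the any and host address forms and the port operators described above, plus the two behaviours the examples rely on implicitly: the first matching entry wins, and an unmatched packet hits the implicit deny at the end of the list. It parses numbered access-list lines such as Examples 3 and 4 and also the bare permit/deny lines used inside a named ACL. The Packet and Entry classes, the function names and every address and packet in the demo are constructed for this illustration; nothing here talks to a router.

```python
"""Model of Cisco IOS extended-ACL evaluation: top-down, first match wins, implicit
'deny any' at the end.  Added example for this tutorial, not IOS code; it parses the
syntax used on this page (ip/tcp/udp/icmp, any, host A.B.C.D, A.B.C.D WILDCARD and the
port operators lt/gt/eq/neq/range).  Every packet below is constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_OPS = ("lt", "gt", "eq", "neq", "range")

@dataclass
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

@dataclass
class Entry:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every IP protocol
    src: Tuple[int, int]            # (address, wildcard mask) as 32-bit ints
    src_port: Optional[Tuple[str, int, int]]   # (operator, port, upper port for range)
    dst: Tuple[int, int]
    dst_port: Optional[Tuple[str, int, int]]

def _parse_addr(t: List[str], i: int):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' at t[i]; return (spec, next i)."""
    if t[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if t[i] == "host":
        return (int(ipaddress.IPv4Address(t[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(t[i])), int(ipaddress.IPv4Address(t[i + 1]))), i + 2

def _parse_port(t: List[str], i: int):
    """Parse an optional port operator at t[i]; no operator means 'any port'."""
    if i < len(t) and t[i] in PORT_OPS:
        if t[i] == "range":
            return (t[i], int(t[i + 1]), int(t[i + 2])), i + 3
        return (t[i], int(t[i + 1]), 0), i + 2
    return None, i

def parse_entry(line: str) -> Entry:
    """Parse 'access-list N permit|deny PROTO SRC [op] DST [op]', or the same entry
    without the 'access-list N' prefix as it is written inside a named ACL."""
    t = line.split()
    i = 2 if t[0] == "access-list" else 0
    action, proto = t[i], t[i + 1].lower()
    if action not in ("permit", "deny"):
        raise ValueError("expected permit/deny: " + line)
    has_ports = proto in ("tcp", "udp")     # only TCP and UDP carry port numbers
    src, i = _parse_addr(t, i + 2)
    sport, i = _parse_port(t, i) if has_ports else (None, i)
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i) if has_ports else (None, i)
    if i != len(t):
        raise ValueError("unsupported keyword(s): " + " ".join(t[i:]))
    return Entry(action, proto, src, sport, dst, dport)

def _addr_match(spec: Tuple[int, int], ip: str) -> bool:
    """Wildcard-mask semantics: a 1 bit in the mask means 'do not care'."""
    addr, wild = spec
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def _port_match(spec, port: int) -> bool:
    if spec is None:
        return True
    op, a, b = spec
    return {"lt": port < a, "gt": port > a, "eq": port == a,
            "neq": port != a, "range": a <= port <= b}[op]

def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry); index None means no entry
    matched and the packet fell through to the implicit 'deny any'."""
    for idx, e in enumerate(acl):
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not (_addr_match(e.src, pkt.src) and _addr_match(e.dst, pkt.dst)):
            continue
        if e.proto in ("tcp", "udp") and not (
                _port_match(e.src_port, pkt.sport) and _port_match(e.dst_port, pkt.dport)):
            continue
        return e.action, idx
    return "deny", None

def unreachable_entries(acl: List[Entry], probes: List[Packet]) -> List[int]:
    """Indices of entries no probe packet reaches: a line shadowed by a broader line
    above it (for example 'permit ... any any' placed before a specific deny)."""
    hit = {evaluate(acl, p)[1] for p in probes}
    return [i for i in range(len(acl)) if i not in hit]

if __name__ == "__main__":
    # Example 3: port 443 is denied by the entry; port 20 matches nothing, so the implicit deny drops it.
    acl102 = [parse_entry("access-list 102 deny tcp any host 11.23.45.7 gt 20")]
    print(evaluate(acl102, Packet("tcp", "10.0.0.5", "11.23.45.7", 40000, 443)))  # ('deny', 0)
    print(evaluate(acl102, Packet("tcp", "10.0.0.5", "11.23.45.7", 40000, 20)))   # ('deny', None)
    # Ordering pitfall (constructed list): the broad permit shadows the deny below it.
    acl107 = [parse_entry("access-list 107 permit udp any any"),
              parse_entry("access-list 107 deny udp host 10.0.3.2 any")]
    probes = [Packet("udp", "10.0.3.2", "172.129.4.1", 5000, 53), Packet("udp", "10.0.3.9", "172.129.4.1", 5000, 53)]
    print(evaluate(acl107, probes[0]), unreachable_entries(acl107, probes))  # ('permit', 0) [1]
```

Running the file shows Example 3 denying port 443 by its own entry and port 20 by the implicit deny, and a constructed two-line list in which permit udp any any placed first makes the deny beneath it unreachable. The unreachable_entries check is worth running on a list before applying it, with the same probe packets you would later send through the interface to test it.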
SEC450 iLab3 Report
Student Name _________________________________ Date _____________
Initial Configuration ISP Router
version 12.3(4)T7
!
hostname ISP_Router
!
interface FastEthernet0/0
ip address 200.100.0.1 255.255.255.0
!
interface FastEthernet1/0
ip address 200.100.40.1 255.255.255.0
!
interface Serial0/0
ip address 200.100.10.1 255.255.255.0
!
interface Serial0/1
ip address 200.100.20.1 255.255.255.0
!
router rip
network 200.100.0.0
network 200.100.10.0
network 200.100.20.0
network 200.100.40.0
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
Note: the numbered items below (printed in red in the original) are the required questions to answer.
Task to Set up Security Policy for Offsite Database Server
#1. Explain the meaning of the "three P's" best-practice rule for creating ACLs on routers.
#2. Explain the difference between the following two access-list commands:
a) access-list 101 permit tcp any any eq 80
b) access-list 101 permit tcp any eq 80 any
#3. What are well-known, registered, and ephemeral UDP/TCP ports?
#4. What is wrong with ACL 105?
access-list 105 permit tcp any any
access-list 105 deny tcp host 201.141.0.3 any
#5. What well-known TCP port does the Oracle Database (SQL*Net) listener use?
#6. A company manages an Oracle Database located on a public server to support day-to-day operations in its Dallas and Chicago networks. The company has asked its Internet access provider (ISP) to create the ACL needed at the ISP router to ensure that only responses from the Oracle server to certain hosts are allowed to enter the Dallas and Chicago LANs.
The ISP's network engineers decided to use an extended ACL and apply it to interface F0/0 of the ISP router. Why did they decide to create an extended ACL and apply it to F0/0 for inbound traffic?
#7. Copy the ISP router's initial running-config from page 2 (above) and add the commands needed to create and apply the ACL on the ISP router.
Answer all questions in this document and upload it to the Week 3 iLab Dropbox.
Revision Date: 1103
Lab8 Controlling traffic using Extended ACL
Objectives
Perform basic configuration tasks on a router.
Configure static routes and a default route.
Examine the routing table entries.
Configure extended (named) access control lists (ACLs).
Test the access control lists (ACLs).
Required Resources
2 Cisco Routers (1841)
2 Cisco Switches (2950-24)
3 Computers
UTP (straight through and cross over) cables
Tasks:
A. Build up the topology.
B. Perform Basic Router Configurations
Steps:
1. Connect the components as shown in Fig 1.
2. Configure the router hostname to match the topology diagram.
3. Configure IP addresses and masks on all devices.
4. Configure a loopback interface (loopback 0) on R2 to simulate the ISP. (Look up how to
configure a loopback interface if you have not done it before.)
C. Enable Static route for all networks.
Steps:
1. For Router 1
R1(config)# ip route 192.168.20.0 255.255.255.0 serial 0/0/0
A default route can be configured as:
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
2. For Router 2
R2(config)# ip route 192.168.10.0 255.255.255.0 serial 0/0/1
R2(config)# ip route 192.168.11.0 255.255.255.0 serial 0/0/1
D. Verify full IP connectivity using the ping command and the routing tables of the routers.
Step#1:
On R1 and R2, use the command show ip route, take a screenshot of the resulting routing table,
and discuss the output:
*Routing table of R1 (screenshot)
*Routing table of R2 (screenshot)
Step#2:
Make sure that all nodes in the network can ping each other.
Before configuring and applying the ACL, be sure to test connectivity from Laptop1 to the
loopback interface (ISP - 209.165.200.225).
E. Configuring an Extended ACL
In this section you configure an extended ACL on R1 that blocks traffic originating from any
device on the 192.168.10.0/24 network to the 209.165.200.225 host (the simulated ISP).
The ACL is applied outbound on the R1 Serial 0/0/0 interface.
Steps:
1. Configure a named extended ACL. The deny entry is followed by permit ip any any; without
it, the implicit deny at the end of the ACL would drop all other traffic leaving Serial 0/0/0.
R1(config)#ip access-list extended EXTEND-1
R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225
R1(config-ext-nacl)#permit ip any any
2. Apply the ACL.
With standard ACLs, the best practice is to place the ACL as close to the destination as possible.
Extended ACLs are typically placed close to the source.
R1(config)#interface serial 0/0/0
R1(config-if)#ip access-group EXTEND-1 out
3. Test the ACL.
From Laptop1, ping the loopback interface on R2; the ping should now fail. Then ping it from a
host outside the denied 192.168.10.0/24 network; that ping should succeed. Confirm which entry
counted the matches with show access-lists on R1.
**Please provide the full configuration and screenshots from Cisco Packet Tracer.
Table 1 - Addressing table
Device   | Interface  | IP Address         | Default Gateway
R1       | Fa0/0      | 192.168.10.1/24    | N/A
R1       | Fa0/1      | 192.168.11.1/24    | N/A
R1       | S0/0/0     | 10.1.1.1/24        | N/A
R2       | Fa0/1      | 192.168.20.1/24    | N/A
R2       | S0/0/1     | 10.1.1.2/24        | N/A
R2       | Loopback 0 | 209.165.200.225/8  | N/A
Laptop1  | NIC        | 192.168.10.10/24   | 192.168.10.1
Laptop2  | NIC        | 192.168.11.10/24   | 192.168.11.1
PC3      | NIC        | 192.168.20.254/24  | 192.168.20.1
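Added example for the placement step of this lab; it is not part of the lab and not Cisco code. It models R1's routing table (the connected networks plus the static and default routes from section C) with longest-prefix matching, then reports the (interface, direction) pairs at which an ACL on R1 would actually see a given flow. It assumes symmetric routing, that is, the interface a packet arrives on is the one R1 would use to reach the packet's source, and it uses the long IOS interface names for the Fa0/0, Fa0/1 and S0/0/0 of Table 1. The route list and function names are constructed for this illustration.

```python
"""Where on R1 would an ACL see a given flow?  Added example for this lab, not Cisco
code.  R1's routes are modelled from the lab (connected networks, 'ip route 192.168.20.0
255.255.255.0 serial 0/0/0' and 'ip route 0.0.0.0 0.0.0.0 10.1.1.2'); the ingress
interface is derived by looking up the source, which assumes symmetric routing."""
import ipaddress
from typing import List, Optional, Tuple

# (prefix, next hop or None, outgoing interface or None), as R1 would hold them.
R1_ROUTES = [
    ("192.168.10.0/24", None, "FastEthernet0/0"),   # connected, Laptop1's LAN
    ("192.168.11.0/24", None, "FastEthernet0/1"),   # connected
    ("10.1.1.0/24",     None, "Serial0/0/0"),       # connected, link to R2
    ("192.168.20.0/24", None, "Serial0/0/0"),       # static route via interface
    ("0.0.0.0/0",       "10.1.1.2", None),          # default route via next hop
]

def lookup(routes, dst: str, depth: int = 0) -> Optional[str]:
    """Longest-prefix match returning the outgoing interface; a route that names only a
    next hop is resolved recursively, with a depth guard against next-hop loops."""
    ip = ipaddress.IPv4Address(dst)
    best = None
    for prefix, nexthop, iface in routes:
        net = ipaddress.IPv4Network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop, iface)
    if best is None:
        return None
    net, nexthop, iface = best
    if iface is not None:
        return iface
    if depth > 4:
        return None
    return lookup(routes, nexthop, depth + 1)

def acl_points(routes, src: str, dst: str) -> List[Tuple[str, str]]:
    """(interface, direction) pairs at which an ACL on this router sees the flow:
    inbound on the interface facing the source, outbound on the one facing the destination."""
    ingress, egress = lookup(routes, src), lookup(routes, dst)
    points = []
    if ingress:
        points.append((ingress, "in"))
    if egress:
        points.append((egress, "out"))
    return points

if __name__ == "__main__":
    # Laptop1 -> simulated ISP: the lab's 'ip access-group EXTEND-1 out' on Serial0/0/0 is
    # one of the two points that see this flow; an ACL on FastEthernet0/1 never would.
    print(acl_points(R1_ROUTES, "192.168.10.10", "209.165.200.225"))
    # [('FastEthernet0/0', 'in'), ('Serial0/0/0', 'out')]
    # Replies travel the other way, so an outbound ACL on Serial0/0/0 never inspects them.
    print(acl_points(R1_ROUTES, "209.165.200.225", "192.168.10.10"))
    # [('Serial0/0/0', 'in'), ('FastEthernet0/0', 'out')]
```

The output makes the direction keyword concrete: the outbound ACL on Serial 0/0/0 only ever examines packets leaving R1 towards R2, so the lab's deny stops Laptop1's echo requests but has nothing to say about anything coming back from the ISP side. The same check, with the roles swapped, shows why an inbound ACL on FastEthernet0/0 would have been the placement nearest the source.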
Cyber terrorism, by definition, is the politically motivated use.docxdorishigh
Cyber terrorism, by definition, is the politically motivated use of computers and information technology to cause severe disruption or widespread fear in society. The Center for Strategic and International Studies reported in March 2019 that Chinese Hackers targeted at least 27 Universities to steal Naval Technologies research, being one of many cyber-terrorist attacks. Besides these attacks, Hacktivism is a cyber-attack either by legal or illegal digital means in the pursuit of political ends, free speech, and the right of free speech. A most notable example would be the group Anonymous conducting numerous hacks from 2008 to 2012 against companies, organizations, and even governments that go against their moral codes. Behind the Tunisia Operation in 2010, Anonymous took down eight government websites with DDOS (Distributed Denial of Service) attacks in support of Arab Spring movements. Between the two Cyberterrorism is meant to instill fear and panic in society. At the same time, Hacktivism brings about a voice or an opposition to the government and other organizations to support a cause against them. Hacktivism is more politically based, pointing out flaws in the system raising awareness on our rights as human beings. Advances in technology lead to newer and different types of attacks either group can conduct. From viruses waiting for you to log into your bank account to massive-scale attacks against the banks' systems themselves, terrorists, or hacktivists, have infinite ways to infiltrate and attack for their cause. Many laws have been put in place to combat these groups, acts put in place such as Cybersecurity Information Sharing Act (CISA) or Cybersecurity Enhancement Act of 2014 helping share information and build research and development to fight against cyber-attacks. 
Given the push against both groups by our government, I can't help but feel concern for our rights and freedoms that may be infringed upon that our government or some corporation is doing while combating the whistleblower with Hacktivist tactics. It only keeps me and others mindful while fighting against cyberattacks that may be classified as cyberterrorism. There is a fine line on what would be a genuine noble act of hacking or something labeled as cyberterrorism placing information and lives at risk, its not so black and white as some areas can be considered grey. Thankfully some events in history, thanks to Hacktivism has brought good results that benefit society, such as Operation "Nice" which organized to hunt down the terrorist responsible for attacks in the French city, killing nearly a hundred people. Also, Operation Darknet which infiltrated 40 child pornography websites publishing 1500 plus names of frequent visitors to the sites stopping such activity. In these instances, I am for hacktivism and specific groups that act for the benefit of society and our rights as humans.
Cyberterrorism. (n.d.). Retrieved from
https://www.dictionary.com/browse/cyberterroris.
More Related Content
Similar to 1 SEC450 ACL Tutorial This document highlights.docx
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfadityacommunication1
Lab8 Controlling traffic using Extended ACL
Objectives
Perform basic configuration tasks on a router.
Applying Static routes and default route.
Exploring the routing table entry.
Applying Extended (named) access control lists (ACLs).
Testing the access control lists (ACLs).
Required Resources
2 Cisco Routers (1841)
2 Cisco Switches (2950-24)
3 Computers
UTP (straight through and cross over) cables
Tasks:
A. Build up the topology.
B. Perform Basic Router Configurations
Steps:
1. Connect the components as shown in Fig 1.
2. Configure the router hostname to match the topology diagram.
3. Configure IP addresses and masks on all devices.
4. Configure a loopback interface (loopback 0) on R2 to simulate the ISP. (search on the internet
how to configure loopback interface)
C. Enable Static route for all networks.
Steps:
1. For Router 1
R1(config)# ip route 192.168.20.0 255.255.255.0 serial 0/0/0
Default root can be configured as:
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
2. For Router 2
R2(config)# ip route 192.168.10.0 255.255.255.0 serial 0/0/1
R2(config)# ip route 192.168.11.0 255.255.255.0 serial 0/0/1
D. Verify full IP connectivity using the ping command and the routing table of routers.
Step#1:
For R1 and R2, use the command show ip route, take a snapshot for the resulting routing table,
and discuss the outputs:
*Routing table of R1(Screenshoot)
*Routing table of R2 (Screenshot)
Step#2:
Make sure that the whole network nodes can ping each other.
Before configuring and applying this ACL, be sure to test connectivity from Laptop1 to the
loopback interface (ISP - 209.165.200.225)
E. Configuring an Extended ACL
In this section, you are configuring an extended ACL on R1 that blocks traffic originating from any
device on the 192.168.10.0/24 network to access the 209.165.200.255 host (the simulated ISP).
This ACL will be applied outbound on the R1 Serial 0/0/0 interface.
Steps:
1. Configure a named extended ACL.
R1(config)#ip access-list extended EXTEND-1
R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225
2. Apply the ACL.
With standard ACLs, the best practice is to place the ACL as close to the destination as possible.
Extended ACLs are typically placed close to the source.
R1(config)#interface serial 0/0/0
R1(config-if)#ip access-group EXTEND-1 out
3. Test the ACL.
From Laptop1; ping the loopback interface on R2.
R1(config-ext-nacl)#permit ip any any
**Please provide full code and screenshoots from Cisco packet tracer.
Table -1 begin{tabular}{|c|ccc|} hline Device & Interface & IP Address & Default Gateway & & & R1
& Fa0/0 & 192.168.10.1/24 & N/A & Fa0/1 & 192.168.11.1/24 & N/A & So/0/0 & 10.1.1.1/24 & N/A
& Fa0/1 & 192.168.20.1/24 & N/A R2 & So/0/1 & 10.1.1.2/24 & N/A & loopback 0 &
209.165.200.225/8 & N/A & & & & & 192.168.10.10/24 & 192.168 .10 .1 hline Laptop1 & NIC &
192.168.11.10/24 & 192.168 .11 .1 hline Laptop2 & NIC & 192.168.20.254/24 & 192.168 .20 .1
hline hline PC3 & NIC & & hline end{tabular}.
Cyber terrorism, by definition, is the politically motivated use.docxdorishigh
Cyber terrorism, by definition, is the politically motivated use of computers and information technology to cause severe disruption or widespread fear in society. The Center for Strategic and International Studies reported in March 2019 that Chinese Hackers targeted at least 27 Universities to steal Naval Technologies research, being one of many cyber-terrorist attacks. Besides these attacks, Hacktivism is a cyber-attack either by legal or illegal digital means in the pursuit of political ends, free speech, and the right of free speech. A most notable example would be the group Anonymous conducting numerous hacks from 2008 to 2012 against companies, organizations, and even governments that go against their moral codes. Behind the Tunisia Operation in 2010, Anonymous took down eight government websites with DDOS (Distributed Denial of Service) attacks in support of Arab Spring movements. Between the two Cyberterrorism is meant to instill fear and panic in society. At the same time, Hacktivism brings about a voice or an opposition to the government and other organizations to support a cause against them. Hacktivism is more politically based, pointing out flaws in the system raising awareness on our rights as human beings. Advances in technology lead to newer and different types of attacks either group can conduct. From viruses waiting for you to log into your bank account to massive-scale attacks against the banks' systems themselves, terrorists, or hacktivists, have infinite ways to infiltrate and attack for their cause. Many laws have been put in place to combat these groups, acts put in place such as Cybersecurity Information Sharing Act (CISA) or Cybersecurity Enhancement Act of 2014 helping share information and build research and development to fight against cyber-attacks. 
Given the push against both groups by our government, I can't help but feel concern for our rights and freedoms that may be infringed upon that our government or some corporation is doing while combating the whistleblower with Hacktivist tactics. It only keeps me and others mindful while fighting against cyberattacks that may be classified as cyberterrorism. There is a fine line on what would be a genuine noble act of hacking or something labeled as cyberterrorism placing information and lives at risk, its not so black and white as some areas can be considered grey. Thankfully some events in history, thanks to Hacktivism has brought good results that benefit society, such as Operation "Nice" which organized to hunt down the terrorist responsible for attacks in the French city, killing nearly a hundred people. Also, Operation Darknet which infiltrated 40 child pornography websites publishing 1500 plus names of frequent visitors to the sites stopping such activity. In these instances, I am for hacktivism and specific groups that act for the benefit of society and our rights as humans.
Cyberterrorism. (n.d.). Retrieved from
https://www.dictionary.com/browse/cyberterroris.
Cyber Security Threats
Yassir Nour
Dr. Fonda Ingram
ETCS-690
Cybersecurity Research Seminar
Date: 02/08/2019
1. Denial-of-Service (DoS) Attacks
A denial-of-service (DoS) is any kind of assault where the assailants (programmers) endeavor to keep real clients from getting to the service.
Programmer sends undesirable high volumes of traffic through the system until it ends up stacked and can never again work.
https://www.incapsula.com/ddos/ddos-attacks/denial-of-service.html
2
Company and summary of how the threat affected the firm
Deezer, an online music streaming service, says it was affected by a vast scale DDoS assault on June 7 through a botnet, which brought about the organization's site being down for a few hours.
https://www.theguardian.com/technology/2014/jun/10/deezer-user-data-hack-attack-ddos
3
Possible
Solution
s
These threats could been avoided by:
Reinforcing the security frameworks and servers
WAFs (Web Application Firewalls) are an incredible instrument to use against these assaults as they give you more command over your web traffic while perceiving malicious web misuses.
2. Malware
A malware assault is a sort of cyber-attack in which malware or malicious programming performs exercises on the unfortunate casualty's PC system, more often than not without his/her insight.
In straightforward words, it is a code with the expectation to takes information or obliterates something on the PC.
https://us.norton.com/internetsecurity-malware.html
5
Company and summary of how the threat affected the firm
Onslow Water and Sewer Authority (OWASA) on October 15, 2018, was assaulted by Ryuk ransomware making huge harm to the association's system and brought about various databases and systems being modified starting from the group up.
The ransomware corrupted vast quantities of endpoints and requested higher payments than what we ordinarily observe (15 to 50 Bitcoins).
https://blog.malwarebytes.com/cybercrime/malware/2019/01/ryuk-ransomware-attacks-businesses-over-the-holidays/
6
Possible
.
Cyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docxdorishigh
Cyber Security in Industry 4.0
Cyber Security in Industry 4.0 (IEEE) Using Emerging Technology to Improve Compliance As cyber threats, malicious software, and cyber-attacks continue to escalate in sophistication, and no industry can remain immune to these threats. The IEEE has used industry-inspired advances in innovation and implementation to promote the highest level of cybersecurity standards for the most robustly protected information and communication technology infrastructure, from networks and telecommunication systems through websites, digital certificates, and passwords, and other software-based systems (Ardito et al., 2019). This Enhanced Canada Cybersecurity Standards and Certificates (ECCS&C) project strives to provide a common framework for enhanced cybersecurity across all sectors. The fourth industrial revolution is referred to as cybersecurity in Industry 4.0 and is encompassing three discrete components: machine learning, artificial intelligence, and automation.The effects of these four technologies will most certainly impact the processes and processes aspects of technology adoption. Over the next decade, we will most certainly see further and the further rise of robotics (Ardito et al., 2019).
The industrial revolution will begin with smart factory security systems. For now, those systems are secure, but many manufacturers will soon provide safeguards against attack and malware threats to help prevent malware attacks and lawsuits. The processes can look simple like a boiler next to a giant hexagon. For example, all these processes would trigger heating or cooling at some point, and the heating or cooling can be controlled by digital control boxes connected to a smart grid (Shi et al., 2019).
The industrial network will soon have more people connected in more complex networks, such as industrial warehouses. All of these buildings can communicate with each other and can remotely activate or deactivate automation systems to reduce manufacturing costs. The need for the defense, control, and monitoring of systems and networks. The blockchain is the most viable platform for these purposes (Shi et al., 2019). Decentralization is gaining respect and confidence on a global scale, and so there is a renewed emphasis on the blockchain in the industry. There is an abundance of articles on the blockchain's potential and benefits for companies. For example, more than fifty articles are covering the blockchain's potential for authentication, threat modeling, and development of social payment interfaces. Companies are beginning to explore smart contracts and smart systems for security, reputation, and data. All in all, it seems that all the evidence points to blockchain technology as the future of the financial industry (Shi et al., 2019).
References
Ardito, L., Petruzzelli, A. M., Panniello, U., & Garavelli, A. C. (2019). Towards Industry 4.0. Business Process Management Journal.
Shi, L., Chen, X., Wen, S., & Xiang, Y. (2019, December)..
Cyber Security Gone too farCarlos Diego LimaExce.docxdorishigh
Cyber Security Gone too far
Carlos Diego Lima
Excelsior College
BNS301 National Security Ethics and Diversity
How far is it too far when protecting the peoples' rights in cyberspace and its national security? In an ever-evolving cyber world, many states tend to infringe on citizens' cyber information privacy for their own accord. Sometimes governments overstep boundaries and bend the rules to protect the land and overstep the peoples' privacy to enforce rules and regulations. My final paper will analyze rules and regulations within the Cybersecurity realm within the United States. The National Security Strategy is a good guideline on the laws and what the U.S is looking to implement soon. This paper intends not to make conspiracy theories to show facts and existing laws and regulations on how the citizens' privacy has no longer been protected and some examples of historical events. (Snowden) had an ethical dilemma when he made his decisions. My paper will include my opinions and the bullet points below to construct a good argument on how the U.S can protect its citizens' privacy.
· National Security Strategy
· Cyber laws within the United States
· Privacy Laws
· Phone settings
· Phone Companies and laws sharing information to the government
· Internal agencies search and espionage laws
Edgar, T. H. (2017). Beyond Snowden privacy, mass surveillance, and the struggle to reform the NSA. Washington, D.C: Brookings Institution Press.
J., T. P., & Upton, D. (2016). Cyber security culture: Counteracting cyber threats through organizational learning and training. Routledge.
Miloshoska, D., & Smilkovski, I. (2016).
Http://uklo.edu.mk/filemanager/HORIZONTI 2017/Horizonti serija A volume 19/14. Security and trade facilitation - the evidence from Macedonia- Milososka, Smilkovski.pdf.
HORIZONS.A, 19, 153-163. doi:10.20544/horizons.a.19.1.16.p14
Omand, D. (2018). Principled Spying: The Ethics of Secret Intelligence. Georgetown University Pre Omand, D. (2018). Principled Spying: The Ethics of Secret Intelligence. Georgetown University Press.
Zimmerman, R. (2015). The Department of Homeland Security: Assessment, recommendations, and appropriations. New York: Nova.
Running Head: METHODS, RESULTS AND DISCUSSION 1
METHODS, RESULTS AND DISCUSSION
Kaytlin De Los Santos
Florida International University
METHODS, RESULTS AND DISCUSSION 2
Methods, Results and Discussion
Methods
Participants
One hundred and thirty-nine participants were randomly selected and requested to fill a
questionnaire during the study. Every one of the 48 researchers looked for about 3 participants
each who were strangers to them or students at FIU. The participants needed to have not taken a
psychology research methods class in the fall of 2019.
Male participants for the study were 53 which accounted 38.1% while female participants
were 86 which accounted for 61.9% of the total number of particip.
CW 1R Checklist and Feedback Sheet Student Copy Go through this.docxdorishigh
CW 1R Checklist and Feedback Sheet: Student Copy
Go through this checklist before you submit your CW 1R assessment. You can also use this sheet to make notes on your tutor’s feedback in the following areas. This information will be essential when you are improving your draft.
Tutor’s comments
Part 3
Is your referencing complete and accurate?
Part 1
Have you evaluated the required number of sources?
Have you included all the sources in your evaluation in your list?
Is it clear how you have identified your sources as reliable and appropriate for academic use? Have you considered a number of aspects eg. currency, authority, etc?
Are your sources all clearly relevant to your topic?
Have you explained the key points or identified useful data from each source? Have you explained points in your own words?
Have you noted how you will use the source in your essay? Will it support a point / provide data / offer a counter-argument?
Have you identified the relationship between the information you have read? Do articles support an argument presented in another source? Provide additional information? Offer an alternative view?
Part 2
Have you included all your sources in part 2 in your outline?
Is your introduction clear? Have you included: the background /context for your essay? An overview of the essay structure?
Is your position clear?
Does your position relate to the main body of the essay? Do all your points relate to your position?
Is the development of your argument logical throughout your outline? Do any paragraphs seem repetitive / irrelevant or out of place?
For each paragraph
Is it clear how each paragraph develops your argument?
Does each paragraph focus and develop one key point?
Is the topic sentence clear?
Do the supporting points develop the topic sentence?
Is there clear evidence / data to support your points?
Are citations included for the support you will use?
Have you used more than one source for each paragraph?
Conclusion
Does your conclusion effectively answer your question?
1
BERNICE BOBS HER HAIR
by
F. Scott Fitzgerald
After dark on Saturday night one could stand on the first tee
of the golf-course and see the country-club windows as a
yellow expanse over a very black and wavy ocean. The
waves of this ocean, so to speak, were the heads of many
curious caddies, a few of the more ingenious chauffeurs, the
golf professional's deaf sister--and there were usually several
stray, diffident waves who might have rolled inside had they
so desired. This was the gallery.
The balcony was inside. It consisted of the circle of wicker
chairs that lined the wall of the combination clubroom and
ballroom. At these Saturday-night dances it was largely
feminine; a great babel of middle-aged ladies with sharp eyes
and icy hearts behind lorgnettes and large bosoms. The main
function of the balcony was critical. It occasionally showed
grudging admira.
CW 1 Car Industry and AIby Victoria StephensonSubmission.docxdorishigh
CW 1 Car Industry and AI
by Victoria Stephenson
Submission date: 03-Jan-2020 12:53PM (UTC+0000)
Submission ID: 1239134764
File name: 14900_Victoria_Stephenson_CW_1_Car_Industry_and_AI_278016_1651532176.docx (39.1K)
Word count: 2448
Character count: 13114
Overall structure looks clear, but what is the main focus of paragraph 5?
Non-academic source
Referencing error
Good point / s
Pt 1. Search method issue 1
This is not the title of the article - it is 'Driving Tests Coming for Autonomous Cars'. Make sure your referencing is accurate.
Pt 1. Search method issue
This article does not come up on a Google Scholar search.
Good source selection
Referencing error
Pt 2. Clear source evaluation
Good point / s
Pt 2. Good, clear indication of how source will be used.
2
Pt 2. Good, clear support provided
Good source selection
Pt 2. Clear source evaluation
Pt 2. Good, clear indication of how source will be used.
Pt 2. Good, clear point
Pt 2. Good, clear support provided
Good point / s
FINAL GRADE
60/100
CW 1 Car Industry and AI
GRADEMARK REPORT
GENERAL COMMENTS
Instructor
Source Selection: 6 (One merit criteria met; two of the sources are less academic)
Source Evaluation and Use of Sources: 7 (Both Merit criteria met)
Processing Text: 6.5 (mid-mark) One Distinction criteria met - main points are all clear, support is repetitive / less clear in places - make sure you give specific examples / data).
Research and Understanding: 4.5 - mid-mark awarded. Search methods are unclear / could not be followed. Conclusions are good and clearly indicate reading has been undertaken and understood.
24 / 40
PAGE 1
Text Comment. Overall structure looks clear, but what is the main focus of paragraph 5?
PAGE 2
Non-academic source
Remember that your sources must be reliable/trustworthy. This means they should be books,
academic journal articles, or reports from governments or international organisations. Do not use
general websites as primary sources.
Referencing error
Check the guidelines on the cover page of this submission template to make sure you have formatted the reference accurately.
Good point / s
Pt 1. Search method issue
You have not explained where you found your source or have used a non-academic search engine. This is not good practice for academic study; please use either Google Scholar, StarPlus or the reference lists of other related academic papers.
Comment 1
Google Scholar would be a better starting point, or you could follow up on research cited in the website article to make sure that the research is academic and non-biased.
PAGE 3
Text Comment. This is not the title of the article - it is 'Driving Tests Coming for Autonomous Cars'. Make .
CWTS
CWFT Module 7 Chapter 2
Eco-maps
1
ECO-MAPS
The eco-map helps to identify family resources at-a-glance. Areas of strength and concern are presented to assist in
creating a picture of the family’s world. Information is gathered in circles. Eco-maps are a snapshot in time.
Periodically update changes in connections to resources—especially natural familial and community resources to
maximize usefulness of the tool. The list below helps spur questions and generate deeper discussion about resources
and strengths during the initial visit.
Extended Family
    Who is in the area that can be a support for you
    What kind of relationship
Income
    Financial status
    Sources of income
    Budgeting
Friends
    Close – Supportive – Conflictive
    Where located
    What kind of contact - frequency
    Positive or negative experiences
Recreation
    What do you do for fun
    What do you do for relaxation
    What would you like to do
    Interests and / or hobbies
    What have you done in the past
    Positive or negative experiences
Spirituality/Religion
    Spirituality and/or religious affiliation growing up
    What kind of experiences did you have
    With what activities were you involved
    Current spiritual beliefs and religious affiliations
Medical/Health Care
    ALL family members: physical illness or disease
    Effects of chemical use
    What kind of insurance
    Effects of chemical use
    Access to medical care
    Psychological illness, disease
Social Services/Resources
    County or Tribal/Financial Services/Child Welfare
    Names of workers
    Neighborhood centers
    Agencies / counseling involved with in the past
Work/School
    Employment—past/present
    What work are you interested in pursuing
    What type of skills, vocation
    Degree or school until what grade
Neighborhood
    How long at present home
    What is your neighborhood like
    Do you feel safe in your home and neighborhood
    Where did you grow up, and what was it like
When showing connections with the ecomap, indicate the nature of the connections with a descriptive word or by
drawing different kinds of lines:
Strong connections: ----------
Tenuous connections: ._._._._
Stressful connections: //////
Draw arrows along the connection lines to signify the flow of energy and resources.
Identify significant people and fill in empty circles as needed. See the example Kelly Family below.
[Blank eco-map template: circles labelled CHURCH/SPIRITUALITY, RECREATION, WORK/SCHOOL, FRIENDS, Extended Family/Significant Others, NEIGHBORHOOD, INCOME, SOCIAL SERVICES/RESOURCES and MEDICAL/HEALTH CARE arranged around a central NAME circle, with fields for STRENGTHS and CONCERNS.]
[Kelly Family example eco-map: central family circle with WILLIAM (13), VERONA (9) and GLORIA (14); connections to HEALTH CARE, EXTENDED FAMILY (absent father), SCHOOL, HOUSING: Homeless, DANGEROUS NEIGHBORHOOD, CHILD WELFARE (foster homes), MFIP BENEFITS, and JOB TRAINING (Vocational Rehabilitation Prog.).]
Cw2 Marking Rubric Managerial Finance
Grade Descriptors (Right):
    0: Fail (No attempt, No submission, Absent)
    1-29: Fail (Unsatisfactory, Poor, Weak)
    30-39: Fail (Incomplete, Inadequate, Limited)
    40-49: 3rd (Basic, Satisfactory, Sufficient)
    50-59: 2:2 (Appropriate, Fair, Reasonable)
    60-69: 2:1 (Commendable, Competent, Judicious)
    70+: 1st (Highly Commendable, Outstanding, Exceptional)
Learning Pillars, Criterion Description and Expectations (Below)
Module Learning Outcome and Industry Competencies
Weighting
1
Professional Skills - Executive Summary - Degree to which the executive summary explains the key themes and outcomes of the report in a one page summary
1A,1C
5%
As per grade descriptor
Poor attempt at identifying and including key themes and/or outcomes. Is unlikely to be limited to one page only
The summary is limited in approach and therefore incomplete. Possibly over one page in length.
Covers most of the key themes and outcomes, basic use of information and sources, likely over one page in length.
A one page summary, which provides a fair and appropriate executive summary to the report.
A commendable, one page summary. Efficient structure which conveys and logically explains key themes and outcomes.
A strong one page summary, which is proficient in explaining key themes and outcomes. Very good structure to the summary.
2
Knowledge and Understanding:
- Introduction completeness and clarity of introduction to the organisation, background, context and rationale for the report being prepared
LO5,4A,4B,5A
10%
As per grade descriptor
Unsatisfactory introduction to the organisation and background to report. Poor rationale is presented. The scope of the report is very broad.
Incomplete introduction and/or background, inadequate rationale for the report presented. Scope not adequately defined
Acceptable intro and/or background. Somewhat basic rationale for the research presented. Satisfactory definition of report scope.
Appropriate introduction and/or background. Fair rationale for the report presented. Scope reasonably well defined.
Commendable introduction and background presented. Competent rationale presented. Scope well defined.
A strong and well articulated introduction, the background is proficiently presented with excellent explanation of rationale to the report. Scope very well defined.
3
Cognitive (thinking) Skills: Literature review:
Information is gathered from multiple, research- based sources. The appropriate content in consideration is covered in depth without being redundant. Sources are cited when specific statements are made. Significance to the
course is unquestionable
LO2,4A,1C,3C,3D
10%
As per grade descriptor
The literature review is unsatisfactory in that the research content is irrelevant and/or incomplete with poor analysis and conclusions.
The literature review is inadequate in that the research content is limited and/or incomplete with the same for its analysis and conclusions.
The review is a.
CVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docxdorishigh
CVP
Sales price per unit: $75.00 *
Variable Cost per unit: $67.00 *
Fixed Cost: $100,000.00 *
Targeted Net Income: $0.00 * (assume 0 if you want to calculate breakeven)
Calculated Volume: 12,500 (calculated)
* inputted by user
Social Networking Channels
Thomas Lamonte Esters
Independence University
29 September 2018
SOCIAL NETWORKING CHANNELS 1
I dislike social networking sites because of the dangerous hazards connected to it.
The ProCon article vividly describes the numerous benefits that are attached to the social networking sites such as connecting people, enhancing advertising and marketing, promoting research and education, assisting to spread information faster as compared to other media, connecting employers and employees and assisting the government to identify and prosecute criminals. These are just a few examples that the article illustrates to support the necessity of the social networking sites in the society today. According to the article, the social networking channels have significantly transformed different sectors such as businesses for the better since they can sell their products and services globally (Procon.org, 2018).
However, the detrimental effects connected with the social networking channels are also numerous and most of them may lead to permanent damage to our lives. It is very clear that education is the backbone of our lives and also the key to success. Currently, about 69% of the American population use social media channels, which is a drastic increase in usage from 2008, when about 26% of Americans were connected to social media (Procon.org, 2018). Most social networking site users are youths who are in their lower grade levels, colleges or even universities. The research shows that using social media when handling assignments decreases the quality of work and makes students drop in their performance. Education is a core value to a successful life, and allowing social media to intrude into academics will be detrimental since it will lead to the production of incompetent individuals who may end up causing problems in society (Rowell, 2015).
Moreover, the social media channels expose individuals to privacy problems and intrusion by any interested parties. In fact, nothing which is shared in the social media channels is private. According to the survey conducted, 81% of the people surveyed believed that social media is insecure. The government, through the NSA (National Security Agency), intrudes into people’s data and communication in social media, meaning that their private information ends up in the hands of the government. Many people do not know about social media privacy settings, and this means that they leave their social media accounts prone to invasion (Procon.org, 2018). Viruses such as Steck. Evl can also be propagated via the social media to cause harm to the users. Most of these viruses are spies and send users priv.
CYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docxdorishigh
CYB/207 v2
Wk 4 – Assignment Template
CYB/205 v2
Page 2 of 2
NIST Risk Management Framework Step
What is the key NIST Special Publication that guides this step?
What are the typical deliverables for this step?
Who typically works on the deliverables for this step?
Step 1
Categorize
(list NIST special pub)
(Describe the deliverable)
(List Author)
Step 2
Select
Step 3
Implement
Step 4
Assess
Step 5
Authorize
Step 6
Monitor
Copyright 2020 by University of Phoenix. All rights reserved.
A Selection From
HAMMURABI'S CODE OF LAWS
(circa 1780 B.C.)
Translated by L. W. King
CODE OF LAWS
2. If any one bring an accusation against a man, and the accused go to the river and leap into the river, if he sink in the river his accuser shall take possession of his house. But if the river prove that the accused is not guilty, and he escape unhurt, then he who had brought the accusation shall be put to death, while he who leaped into the river shall take possession of the house that had belonged to his accuser.
3. If any one bring an accusation of any crime before the elders, and does not prove what he has charged, he shall, if it be a capital offense charged, be put to death.
6. If any one steal the property of a temple or of the court, he shall be put to death, and also the one who receives the stolen thing from him shall be put to death.
14. If any one steal the minor son of another, he shall be put to death.
15. If any one take a male or female slave of the court, or a male or female slave of a freed man, outside the city gates, he shall be put to death.
17. If any one find runaway male or female slaves in the open country and bring them to their masters, the master of the slaves shall pay him two shekels of silver.
21. If any one break a hole into a house (break in to steal), he shall be put to death before that hole and be buried.
22. If any one is committing a robbery and is caught, then he shall be put to death.
25. If fire break out in a house, and some one who comes to put it out cast his eye upon the property of the owner of the house, and take the property of the master of the house, he shall be thrown into that self-same fire.
59. If any man, without the knowledge of the owner of a garden, fell a tree in a garden he shall pay half a mina in money.
108. If a tavern-keeper (feminine) does not accept corn according to gross weight in payment of drink, but takes money, and the price of the drink is less than that of the corn, she shall be convicted and thrown into the water.
112. If any one be on a journey and entrust silver, gold, precious stones, or any movable property to another, and wish to recover it from him; if the latter do not bring all of the property to the appointed place, but appropriate it to his own use, then shall this man, who did not bring the property to hand it over, be convicted, and he shall pay fivefold for all that had been entrusted to him.
CUSTOMER SERVICE - TRAINING PROGRAM
2
TABLE OF CONTENTS
Introduction ------------------------------------------------------------------------------------------------------------3
Training Needs Analysis ---------------------------------------------------------------------------------------------4
Training Design -------------------------------------------------------------------------------------------------------9
Training Objectives --------------------------------------------------------------------------------------------------10
Training Methods ----------------------------------------------------------------------------------------------------11
Training Development ----------------------------------------------------------------------------------------------13
Training Evaluation -------------------------------------------------------------------------------------------------14
Appendix I ------------------------------------------------------------------------------------------------------------16
References ------------------------------------------------------------------------------------------------------------17
3
INTRODUCTION
Background
In contrast to Walmart’s ability to maintain leadership as a multinational retailer aiming at sustainability, corporate philanthropy and employment opportunity, the company is falling behind in terms of customer service satisfaction. Despite the efforts of Walmart’s executives throughout these years to build a better relationship with their customers, it seems they remain unsuccessful. This can be measured by their satisfaction rating levels, which are still extremely low when compared to other businesses in the same industry. Per the American Customer Satisfaction Index (ACSI) annual ranking for 2016, Walmart is “still between one of the 10 companies with the worst customer satisfaction” (Tim Denman, March 01, 2016).
Since we all recognize the crucial importance to any business of keeping their customers happy, not only with the price of the product but, most importantly, with the service provided, I will create a training plan mainly focused on the delivery of effective customer service practices for all Walmart customer service associates. This training program will give all of Walmart’s new hires and current associates the opportunity not only to learn, but also to expand, reinforce and create consistency in their knowledge of how to deal with customers in different situations, how to improve customers’ happiness while shopping, and how to improve the associates’ customer service attitude and efficiency, with the goal of offering an outstanding service and, ultimately, delivering an enjoyable shopping experience to all Walmart’s clients. This training will be presented in five different modules; each module will represent a fundamental aspect of the customer service job in order to make the associates.
Customer Service Test (Chapter 6 - 10)Name Multiple Choice.docxdorishigh
Customer Service
Test (Chapter 6 - 10)
Name:
Multiple Choice Questions (3 points each – please highlight your response)
1) ____ The Regional Sales Manager of a medical device company is an assertive person who proactively engages in confrontational dialogue during sales meetings of his company. Being a forceful businessman, he prefers firm handshakes in his interactions and is inclined to project a confident, arrogant demeanor. He is most likely to prefer what personality style:
a. Inquisitive
b. Rational
c. Expressive
d. Decisive
2) ____ An individual who favors solitary leisure activities over people-oriented activities is most likely to adopt what personality style:
a. Decisive
b. Expressive
c. Inquisitive
d. Rational
3) ____ People who adopt the inquisitive style differ from people who adopt the expressive style in that the former tends to be more like which of the following:
a. Volunteers feelings freely
b. Be very punctual and time conscious
c. Enjoys engaging individuals in person
d. Prefers informality and closeness in interactions
4) ____ A customer approaches a salesperson to discuss details of a product he is interested in. Given her preference for the expressive style, which of the following would the customer likely be interested in:
a. The bottom line of using the product
b. Instructions that discuss the use of the product
c. Questions related to rebates and other technical information
d. The color and sizes that the product is available in
5) ____ A good way to establish good relationships with an internal customer is to:
a. Tell your co-worker about all your work and family challenges
b. Wear strong fragrances to make sure you get noticed
c. Stay connected by stopping by their work area periodically
d. Forward your calls to him/her when you are away from your desk
6) ____ One strategy for dealing with talkative customers is to:
a. Ignore all the other customers while listening to them
b. Roll your eyes and look away
c. Direct them to your co-workers
d. Used closed-end questions to guide the conversation
7) ____ Which of the following is the last step of the problem solving model:
a. Evaluate the alternatives
b. Identify the alternatives
c. Monitor the results
d. Make a decision
8) ____ The Customer Experience Representative is confronted by an upset customer and uses a problem solving model to address the issue. She first identified the problem. The next step she should take is:
a. Monitor the results
b. Identify the alternatives
c. Make a decision
d. Evaluate the alternatives
9) ____ The last step of the service recovery process is:
a. Show compassion
b. Conduct a follow up
c. Take further action
d. Apologize another time
10) ____ Which of the following statements is an example of an individualistic culture:
a. A country that provides all of its citizens with complete healthcare
b. A native tribe whose members pursue personal goals over the tribe’s
c. An ethnic group that runs all its decis.
Customer Value Funnel Questions1. Identify the relevant .docxdorishigh
Customer Value Funnel Questions
1. Identify the relevant macroenvironmental factors (level 1). What impact do these issues have on the focal organization?
2. Discuss the market factors (level 2). How do collaboration, competition, suppliers and regulators affect the performance of the focal organization?
Customer service is something that we have all heard of and have som.docxdorishigh
Customer service is something that we have all heard of and have some degree of familiarity with. However, customer service issues are a frequent complaint amongst customers. Using the Internet or another resource identify an organization with a reputation in customer service excellence. Then find another that has had a long history of customer service issues and complaints.
How do organizations promote customer service excellence?
What are the effects of poor customer service?
How does quality tie into customer service?
How can organizations improve their customer service models?
Customer requests are:
Proposed Cloud Architecture (5 pages needed from step 1 to step 5)
Final Report Evaluating AWS and Azure Providers (5 pages (step 1 to 5) + 2 pages from step 6 to 7 = the final report would be 7 pages); also, you will find the template for the final report on the last pages
Below are the instructions
Since you have become familiar with the foundations of cloud computing technologies, along with their risks and the legal and compliance issues, you will now explore cloud offerings of popular cloud providers and evaluate them to recommend one that would be the best fit for BallotOnline.
In this project, you will first learn about networking in the cloud and auxiliary cloud services provided by cloud vendors. Next, you will explore cloud computing trends, best practices, and issues involved in migrating IT deployments to the cloud, as well as typical architectures of cloud deployments. Then, you will apply your findings to propose a general architecture for BallotOnline’s cloud deployment to best address the company’s business requirements.
Once you have selected a deployment architecture, you will research two leading cloud vendors: Amazon Web Services (AWS) and Microsoft Azure. Exploring and comparing the tools available for application migration will enable you to recommend a vendor to the executives in your final report. The final deliverable is a written report to BallotOnline management, describing the results of your research and recommending the cloud deployment architecture and the vendor for its deployment, with justification.
Your final report should demonstrate that you understand the IT needs of the organization as you evaluate and select cloud providers. The report should include your insights on the appropriate direction to take to handle the company’s IT business needs. You will also be assessed on the ability to integrate relevant risk, policy, and compliance consideration into the recommendations, as well as the clarity of your writing and a demonstration of logical, step-by-step decision making to formulate and justify your ideas.
Check the Project 3 FAQ thread in the discussion area for any last-minute updates or clarifications about the project.
Step 1: Research Networking and Auxiliary Services in the Cloud
The executives at BallotOnline have been impressed with your research on cloud computing thus far. While there are a variety of cloud providers, BallotOnline is considering using Amazon Web Services (AWS) and Microsoft Azure, two of the top providers in the market. BallotOnline's executives want you to help determine which would be the best provider for the organization.
You will start with learning about internet networking basics and cloud networking. You will also research many cloud services that cloud providers make available to their customers to help them take full advantage of cloud service and deployment models.
Step 2: Research Cloud Trends, Best Practices, and Mig.
Customer Relationship Management
Presented By:
Shan Gu
Cristobal Vaca
Amber Vargas
Jasmine Villasenor- Team Leader
Xiaoqi Zhou
1
IST 309
Professor He
Group 10
3/18/20
23-25 minute presentation
Overview
Introduction to Customer Relationship Management (CRM)
Objectives of CRM
Different forms of CRM
Examples of businesses that use CRM
The problem, context, & architecture of CRM
The state of art & current best practices of CRM
Advantages and Disadvantages of CRM
Recommendations
2
Introduction to CRM
Customer relationship management (CRM) is an approach to manage a company's interaction with current and potential customers
It’s seen as both an organizational strategy & information technology
Takes form in various systems and applications
Builds sustainable long-term customer relationships that create value for both the company and its customers
Contributes to customer retention & expansion of their relationships with advantageous existing customers
Obtains new customers
3
It uses data analysis about customers' history with a company to improve business relationships with customers, specifically focusing on customer retention and ultimately driving sales growth.
CRM helps companies acquire new customers and retain and expand their relationships with profitable existing customers. Retaining customers is particularly important because repeat customers are the largest generator of revenue for an enterprise. Also, organizations have long understood that winning back a customer who has switched to a competitor is vastly more expensive than keeping that customer satisfied in the first place.
The goal is simple: Improve business relationships. A CRM system helps companies stay connected to customers, streamline processes, and improve profitability.
Objectives
Who is CRM for?
Large businesses
Small businesses
Customers of both types of businesses listed above
4
Key Features:
stay connected to customers
streamline processes
provide visibility & easy access to data
improve efficiency & profitability
How does CRM benefit businesses?
Provides a clear overview of your customers
Can be used as both a sales and marketing tool
Contributes information from HR → Customer service → Supply-chain management
A CRM system gives everyone — from sales, customer service, business development, recruiting, marketing, or any other line of business — a better way to manage the external interactions and relationships that drive success. A CRM tool lets you store customer and prospect contact information, identify sales opportunities, record service issues, and manage marketing campaigns, all in one central location — and make information about every customer interaction available to anyone at your company who might need it.
Some of the biggest gains in productivity can come from moving beyond CRM as a sales and marketing tool, and embedding it in your business – from HR to customer services and supply-chain management.
E.
Custom Vans Inc. Custom Vans Inc. specializes in converting st.docxdorishigh
Custom Vans Inc.
Custom Vans Inc. specializes in converting standard vans into campers. Depending on the amount of work and customizing to be done, the customizing could cost less than $1,000 to more than $5,000. In less than four years, Tony Rizzo was able to expand his small operation in Gary, Indiana, to other major outlets in Chicago, Milwaukee, Minneapolis, and Detroit.
Innovation was the major factor in Tony’s success in converting a small van shop into one of the largest and most profitable custom van operations in the Midwest. Tony seemed to have a special ability to design and develop unique features and devices that were always in high demand by van owners. An example was Shower-Rific, which Tony developed only six months after he started Custom Vans Inc. These small showers were completely self-contained, and they could be placed in almost any type of van and in a number of different locations within a van. Shower-Rific was made of fiberglass and contained towel racks, built-in soap and shampoo holders, and a unique plastic door. Each Shower-Rific took 2 gallons of fiberglass and 3 hours of labor to manufacture.
Most of the Shower-Rifics were manufactured in Gary, in the same warehouse where Custom Vans Inc. was founded. The manufacturing plant in Gary could produce 300 Shower-Rifics in a month, but that capacity never seemed to be enough. Custom Vans shops in all locations were complaining about not getting enough Shower-Rifics, and because Minneapolis was farther away from Gary than the other locations, Tony was always inclined to ship Shower-Rifics to the other locations before Minneapolis. This infuriated the manager of Custom Vans at Minneapolis, and after many heated discussions, Tony decided to start another manufacturing plant for Shower-Rifics at Fort Wayne, Indiana.
The manufacturing plant at Fort Wayne could produce 150 Shower-Rifics per month. The manufacturing plant at Fort Wayne was still not able to meet current demand for Shower-Rifics, and Tony knew that the demand for his unique camper shower would grow rapidly in the next year. After consulting with his lawyer and banker, Tony concluded that he should open two new manufacturing plants as soon as possible. Each plant would have the same capacity as the Fort Wayne manufacturing plant. An initial investigation into possible manufacturing locations was made, and Tony decided that the two new plants should be located in Detroit, Michigan; Rockford, Illinois; or Madison, Wisconsin. Tony knew that selecting the best location for the two new manufacturing plants would be difficult. Transportation costs and demands for the various locations were important considerations.
The Chicago shop was managed by Bill Burch. This Custom Vans shop was one of the first established by Tony, and it continued to outperform the other locations. The manufacturing plant at Gary was supplying the Chicago shop with 200 Shower-Rifics each month, although Bill knew that the demand for the.
Operation “Blue Star” is the only event in the history of independent India where the state went to war with its own people. Even after about 40 years it is not clear whether it was the culmination of the state's anger over the people of the region, a political game of power, or the start of a dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from the mainstream due to the denial of their just demands during a long democratic struggle since independence. As happens all over the world, it led to a militant struggle with great loss of lives among military, police and civilian personnel. The killing of Indira Gandhi and the massacre of innocent Sikhs in Delhi and other Indian cities were also associated with this movement.
A review of the growth of the Israel Genealogy Research Association Database Collection over the last 12 months. Our collection has now passed the 3 million mark and is still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Introduction to AI for Nonprofits with Tapp Network (TechSoup)
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
SEC450 ACL Tutorial
This document highlights the most important concepts of Access Control Lists (ACL) that you need to learn in order to configure an ACL in the CLI. This tutorial does not intend in any way to cover all ACL applications, only the scenarios used in the SEC450 iLabs.

Introduction to Access Control List

A host-based firewall essentially works by closing and/or opening ports on a computer. The engine behind firewalls is built with Access Control Lists (ACL).

Network-based firewalls are implemented in device-specific appliances and routers. Basically, firewalls in routers filter packets through interfaces to permit or deny them.

Ports are layer-4 addresses specified in the TCP/IP protocol suite that identify networking processes running in clients and servers.

ACLs are configured using shell-specific commands. In Cisco IOS, the CLI commands access-list and access-group are used to create an ACL and apply it on an interface.

An ACL can be identified by a number ID or a name. Naming an ACL is useful to identify the ACL's purpose.

ACLs are classified in Standard ACLs and Extended ACLs. Standard ACL number IDs are assigned from 1 to 99. Extended ACL number IDs are from 100 to 199.

A Standard ACL only uses the source IP address in an IP packet to filter through an interface. Hence, a standard ACL denies or permits all (IP) packets with the same source IP regardless of upper protocols, destination IP address, etc. Example 1:
Router(config)#access-list 8 deny host 172.12.3.5

An Extended ACL filters packets based on protocol, source IP address, source port number, destination IP address and destination port number. Example 2:
Router(config)#access-list 102 deny tcp host 10.0.3.2 host 172.129.4.1
Deny tcp packets with source IP address 10.0.3.2 and destination IP address 172.129.4.1.

Since Standard ACLs only have a source IP address, the rule is to apply them on an interface as close as possible to the destination network of concern.

On the contrary, the rule for Extended ACLs is to apply them on an interface as close as possible to the source IP address.
packets to filter.
Create Extended ACL in global configuration

Use the access-list command options lt, gt, eq, neq and range (less than, greater than, equal, not equal, range of ports) to operate on port numbers.

Example 3: access-list 102 deny tcp any host 11.23.45.7 gt 20 denies all packets with any source IP address to destination IP address 11.23.45.7 and destination tcp port greater than 20.

Example 4: access-list 107 permit udp any any permits all packets with udp protocol with any source IP address to any destination IP address.

Extended access-list syntax with source port number and destination port number:
access-list <#,name> <protocol> host <source_ip> <port_qualifier> <source_port_number> host <dest_ip> <port_qualifier> <dest_port_number>
where:
<#,name> is a number between 100 and 199 or a one-word name
<protocol> is any protocol in the TCP/IP suite
<source_ip> & <dest_ip> are the source and destination IP addresses
<port_qualifier> is optional, and can be eq, gt, lt, neq, & range
<source_port_number> & <dest_port_number> follow <port_qualifier> to specify the port number(s). <port_qualifier> and <port_number> can be replaced by the application protocol. Example: http instead of eq 80.

Remember the "three P's" best-practice rule: one ACL "per protocol, per interface, per traffic direction".

Create the ACL in CLI global configuration using access-list command(s). Then, apply the ACL using the access-group command in CLI interface configuration.

An ACL is a list of access-list commands. Routers process the ACL commands in order, top first to bottom last. The effectiveness of an access-list command depends upon the previous access-list commands. Therefore, always write the commands in order: more-specific-traffic commands first, and more-generic-traffic commands last.

Example 5:
Router(config)#access-list 101 deny tcp host 10.0.3.2 any
Router(config)#access-list 101 permit tcp any any
But never follow the order below, because the second command is worthless:
Router(config)#access-list 101 permit tcp any any
Router(config)#access-list 101 deny tcp host 10.0.3.2 any

Every ACL has an implicit access-list command at the end that denies all packets (i.e. deny ip any any). Hence, packets that are not specifically permitted in a command will be denied by the ACL.

Example 6: Use the command
Router(config)#access-list 105 permit ip any any
at the end of the ACL if it is required to permit all other traffic after denying packets with
Router(config)#access-list 105 deny icmp any host 192.168.10.244

Use wildcard masks in access-list commands to filter packets from a subnet of source and/or destination IP addresses instead of single hosts. IP addresses in each of those subnets must be contiguous. Here is the syntax. Filtering on port numbers is also applicable, but it has been omitted for the sake of simplicity.
access-list <#,name> <protocol> <source_ip> <source_wildcard> <dest_ip> <dest_wildcard>
where:
<#,name> is a number between 100 and 199 or a one-word name
<protocol> is any protocol in the TCP/IP suite
<source_ip> & <dest_ip> are the source and destination IP addresses
<source_wildcard> & <dest_wildcard> specify the subnet ranges of source and destination IP addresses

Wildcard masks are also used in routing protocols such as EIGRP and OSPF. Wildcard bit 0 means the bit in the IP address must be the same as the corresponding bit in the subnet IP address. Wildcard bit 1 means the bit in the IP address can be any value (0 or 1).

Example 7: access-list 105 deny udp 172.16.7.3 0.0.0.3 any means to deny all packets with udp protocol with source IP addresses from 172.16.7.0 to 172.16.7.3 to any destination IP address. Note that .3 in binary is .00000011, so the wildcard matches .000000xx.

Example 8: access-list 109 permit tcp host 192.168.6.3 eq 80 10.0.0.0 0.0.0.255 means to permit all tcp packets from source IP address 192.168.6.3 and source port tcp 80 (i.e. http server) to destination IP addresses in the subnet 10.0.0.0 to 10.0.0.255. The fact that 10.0.0.0 would not qualify as a host IP in classful networks has been ignored for simplicity.

A wildcard mask of 0.0.0.0 is equivalent to the keyword host in access-list commands. Example 9: access-list 110 permit ip host 10.23.4.3 host 10.30.2.1 and access-list 110 permit ip 10.23.4.3 0.0.0.0 10.30.2.1 0.0.0.0 are equivalent commands. Both permit packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1.

Use wildcard masks in access-list commands when the ACL requires filtering packets on a subnet of IP addresses, either at source, destination or both.
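As an added example (not code from the tutorial), the following Python models how a router walks an extended ACL: first match wins, the implicit deny ip any any catches everything else, and wildcard masks select address ranges. It replays the tutorial's Examples 5 to 9; the Packet type, the small port-name table and all function names are assumptions of this example, and only the extended access-list syntax shown above is parsed (the standard-ACL form of Example 1 is not).

```python
"""Model of Cisco IOS extended-ACL evaluation (added example, not from the tutorial).
Parses only:  access-list <#> permit|deny <proto> <src> [qual port [port]] <dst> [qual port [port]]
where an address is 'any', 'host A' or 'A WILDCARD'. The Packet type, the port-name
table and every function name here are assumptions of this example, not IOS APIs."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

QUALIFIERS = {"eq", "gt", "lt", "neq", "range"}
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "www": 80}   # IOS accepts names after a qualifier
PortSpec = Optional[Tuple[str, int, int]]             # (qualifier, low port, high port)

class Packet(NamedTuple):
    proto: str          # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

class Entry(NamedTuple):
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: Tuple[str, str]        # (address, wildcard)
    sports: PortSpec
    dst: Tuple[str, str]
    dports: PortSpec

def _int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0: the address bit must equal the base bit; bit 1: any value."""
    keep = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & keep) == (_int(base) & keep)

def wildcard_range(base: str, wildcard: str) -> Tuple[str, str]:
    """Lowest and highest address a contiguous wildcard covers (Example 7: .0 to .3)."""
    lo = _int(base) & ~_int(wildcard) & 0xFFFFFFFF
    hi = lo | _int(wildcard)
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi))

def _addr(t: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """'any' is 0.0.0.0 255.255.255.255; 'host A' is 'A 0.0.0.0' (Example 9)."""
    if t[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2

def _ports(t: List[str], i: int) -> Tuple[PortSpec, int]:
    """Optional port qualifier after an address; returns (spec or None, next index)."""
    if i < len(t) and t[i] in QUALIFIERS:
        op, lo = t[i], PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
        if op == "range":
            return (op, lo, PORT_NAMES.get(t[i + 2]) or int(t[i + 2])), i + 3
        return (op, lo, lo), i + 2
    return None, i

def parse_entry(line: str) -> Entry:
    """Parse one extended access-list line, with or without the Router(config)# prompt."""
    t = line.split("#", 1)[-1].split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("not an extended access-list command: " + line)
    src, i = _addr(t, 4)
    sports, i = _ports(t, i)
    dst, i = _addr(t, i)
    dports, i = _ports(t, i)
    return Entry(t[2], t[3], src, sports, dst, dports)

def _port_ok(spec: PortSpec, port: int) -> bool:
    if spec is None:
        return True
    op, lo, hi = spec
    return {"eq": port == lo, "gt": port > lo, "lt": port < lo,
            "neq": port != lo, "range": lo <= port <= hi}[op]

def entry_matches(e: Entry, p: Packet) -> bool:
    return (e.proto in ("ip", p.proto)
            and wildcard_match(p.src, *e.src) and wildcard_match(p.dst, *e.dst)
            and _port_ok(e.sports, p.sport) and _port_ok(e.dports, p.dport))

def evaluate(acl: List[str], p: Packet) -> Tuple[str, int]:
    """Top-to-bottom first match: (action, 1-based line). Line 0 stands for the
    implicit 'deny ip any any' that ends every ACL."""
    for n, line in enumerate(acl, 1):
        e = parse_entry(line)
        if entry_matches(e, p):
            return e.action, n
    return "deny", 0

# Example 5 in both orders, checked with a constructed TCP packet from 10.0.3.2.
GOOD_ORDER = ["access-list 101 deny tcp host 10.0.3.2 any",
              "access-list 101 permit tcp any any"]
BAD_ORDER = list(reversed(GOOD_ORDER))   # here the deny line can never match

if __name__ == "__main__":
    pkt = Packet("tcp", "10.0.3.2", "172.129.4.1", 40000, 80)
    print("specific first:", evaluate(GOOD_ORDER, pkt))    # ('deny', 1)
    print("generic first: ", evaluate(BAD_ORDER, pkt))     # ('permit', 1)
    print("Example 7 covers", wildcard_range("172.16.7.3", "0.0.0.3"))
```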
Apply to an Interface a created ACL

Suppose you need an ACL that permits any traffic except udp packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1, as shown in the network diagram below.

First, create the ACL in global configuration.
Router#config t
Router(config)#access-list 103 deny udp host 10.23.4.3 host 10.30.2.1
Router(config)#access-list 103 permit ip any any

Second, apply the ACL to the interface closest to the source. The interface is S0/1 in Router for traffic coming from IP 10.23.4.3.
Router(config)#interface s0/1
Router(config-if)#ip access-group 103 in

If you need to modify an ACL, then erase first the ACL from the global and interface configurations. To erase ACL 103 from the previous example execute the following commands:
Router(config)#no access-list 103
Router(config)#interface s0/1
Router(config-if)#no ip access-group 103 in
Now, you can start over creating ACL 103. If you do not erase the ACL first, then the access-list commands will be compounded in the configuration file, producing unexpected behavior. Use the command show run to verify the ACL is erased and created again correctly.
Verify ACL Configuration

Suppose you need to create an ACL in a router R to deny TCP traffic coming through interface Serial 0/2 from source IP address 10.16.2.1 to destination IP address 172.16.5.3 with destination port number greater than 200. Then, the ACL should permit any other traffic.

First, create the ACL.
Second, apply the ACL to interface Serial 0/2.

R> enable
R# config t
R(config)# access-list 101 deny tcp host 10.16.2.1 host 172.16.5.3 gt 200
R(config)# access-list 101 permit ip any any
(this command is needed to permit any other traffic after denying the traffic of the previous command)
R(config)# interface serial0/2
R(config-if)# ip access-group 101 in
(this command applies the ACL to serial0/2 for incoming traffic)
R(config-if)# end
R# show run
(this verifies that the ACL configuration is correct in the running-config file)
R#show running-config
version 12.3
!
hostname R
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
shutdown
!
interface Serial0/0
ip address 200.100.20.2 255.255.255.0
!
interface Serial0/1
ip address 192.168.30.2 255.255.255.0
shutdown
!
interface Serial0/2
ip address 192.168.40.1 255.255.255.0
ip access-group 101 in
!
router rip
network 192.168.200.0
network 200.100.20.0
!
ip default-network 200.100.20.0
ip route 0.0.0.0 0.0.0.0 serial0/0
!
!
access-list 101 permit tcp host 10.16.2.1 host 172.16.5.3 gt 200
access-list 101 permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
If the ACL is not correct, erase it with the commands below and start over again.
R# config t
R(config)# no access-list 101
R(config)# interface serial0/2
R(config-if)# no ip access-group 101 in
1) Explain the differences between Dynamic Network Address Translation (NAT) and Static NAT.
2) Demonstrate the major differences of an enterprise campus architecture, enterprise branch architecture, enterprise edge architecture, enterprise data center architecture, and enterprise teleworker architecture.
3) State and explain the six fields of a PPP frame, from beginning to end.
4) Describe virtual circuits and how they operate in a Frame Relay environment. Also, explain the differences between switched virtual circuits (SVC) and permanent virtual circuits.
5) Demonstrate and describe the various types of complex access control lists (ACLs). Also, explain how these ACLs can be utilized in a wide area network (WAN).
6) Describe what a teleworker or telecommuter is as it relates to a working environment. Also, how does a teleworker or telecommuter relate to a wide area network (WAN)?
7) List and explain some of the vulnerable router services and how they can be resolved.
8) Explain the differences in Physical layer and Data-Link layer network troubleshooting. Also, describe different situations where these techniques could be utilized.
Student Name _________________________________ Date _____________
SEC450 Security Demands – iLab2
Objectives
In this lab, the students will examine the following objectives.
· Create an ACL to meet the requirements of the security demands
· Modify an existing ACL to meet additional security requirements
Scenario
A small company is using the topology shown below. Minimal security measures have been implemented. Assume that the 200.100.0.0/16 network represents the Internet. The Dallas and Chicago hosts need to be protected from specific types of malicious traffic from the Internet.
Topology
The last page of the lab assignment document contains a full-page topology. Remove this page and use it for reference to the topology and the IP addresses.
Initial Configuration
The Dallas and Chicago routers' FastEthernet and Serial interfaces used for the lab have been correctly configured and enabled. Unused interfaces have been shut down. The RIP routing tables are complete for all routers and hosts. No ACLs have been applied to any of the routers. Below is the initial running-config file in the Chicago router.
version 12.3(4)T7
!
hostname Chicago
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
shutdown
!
interface Serial0/0
ip address 200.100.20.2 255.255.255.0
!
interface Serial0/1
ip address 192.168.30.2 255.255.255.0
shutdown
!
router rip
network 192.168.200.0
network 200.100.20.0
!
ip default-network 200.100.20.0
ip route 0.0.0.0 0.0.0.0 serial0/0
!
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
Lab Data Collection and Submission
Enter your name and date at the top of the lab document. As you complete each task of the lab assignment, answer the questions in this lab document. You will submit the completed SEC450_W2_SecurityDemands_iLab.docx file into the week's eCollege iLab Dropbox.
Note: RED text indicates the questions that require an answer
Task 1—Apply the ACL to meet initial requirements
Your task as a network administrator is to configure an ACL in the Chicago router to meet the following requirements.
1. Permit ftp and http traffic from the Chicago host to the Dallas Server.
2. Deny all other TCP traffic from the Chicago host to the Dallas Server.
3. Permit all other traffic.
#1. If you are applying an extended ACL to deny specific packets, where should you apply it, as close to the source as possible or as close to the destination as possible? Explain your answer.
#2. If you are writing an ACL with multiple access-list commands, what order do you follow to write the commands?
#3. What port numbers do ftp and http servers use? Why does an ftp server use two port numbers?
#4. On which interface and in which direction would you apply the ACL in the Chicago router? Why?
#5. What is the intrinsic access-list command that exists in every ACL?
#6. Copy below the Chicago router's running-config file from page 2, and add the commands needed to create and apply the ACL in the router.
Task 2—Apply the ACL to meet later requirements
Two weeks later, you receive a request to modify the ACL created in the Chicago router to meet these new requirements:
1. Permit ftp traffic from the Chicago host to the Dallas Server.
2. Permit http traffic from any host in the Chicago LAN to the Dallas Server.
3. Deny all other TCP traffic from the Chicago host to the Dallas Server.
4. Permit all other traffic.
#7. Write below the commands needed to modify the ACL in the Chicago router.
Answer all questions in the iLab Report document and upload it in the Week 2 iLab Dropbox.
Revision Date: MAY14
Student Name _________________________________ Date _____________
SEC450 iLab2 Report
Initial Configuration Chicago Router
version 12.3(4)T7
!
hostname Chicago
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
shutdown
!
interface Serial0/0
ip address 200.100.20.2 255.255.255.0
!
interface Serial0/1
ip address 192.168.30.2 255.255.255.0
shutdown
!
router rip
network 192.168.200.0
network 200.100.20.0
!
ip default-network 200.100.20.0
ip route 0.0.0.0 0.0.0.0 serial0/0
!
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
Note: RED text indicates the questions that require an answer
Task 1—Apply the ACL to meet initial requirements
#1. If you are applying an extended ACL to deny specific packets, where should you apply it? Explain your answer.
#2. If you are writing an ACL with multiple access-list commands, what order do you follow to write the commands?
#3. What port numbers do ftp and http servers use? Why does an ftp server use two port numbers?
#4. On which interface and in which direction would you apply the ACL in the Chicago router? Why?
#5. What is the hidden access-list command that exists in every ACL?
#6. Copy below the Chicago router's running-config file from page 2, and add the commands needed to create and apply the ACL in the router.
Task 2—Apply the ACL to meet later requirements
#7. Write below the commands needed to modify the ACL in the Chicago router.
Save this document with all questions answered and upload it in the Week 2 iLab Dropbox.
Revision Date: MAY14
Student Name _________________________________ Date _____________
Database Server Security Demands – iLab3
Objectives
In this lab, the students will examine the following objectives.
· Become familiar with well-known and ephemeral ports
· Create an ACL to meet requirements on database security demands
· Learn best practices to create and apply ACLs.
Scenario
A small company is using the topology shown below. The Public Server is actually an off-site Database Server that contains company records. Assume that the 200.100.0.0/16 network represents the Internet. The Dallas and Chicago servers and hosts need to access the database server securely. Only users in the Dallas and Chicago LANs should be able to access the database server.
Topology
The last page of the lab assignment document contains a full-page topology. Remove this page and use it for reference to the topology and the IP addresses.
Initial Configuration
The Dallas, Chicago, and ISP routers' FastEthernet and Serial interfaces used for the lab have been correctly configured and enabled. Unused interfaces have been shut down. The RIP routing tables are complete for all routers and hosts. No ACLs have been applied to any of the routers. Below is the initial running-config file in the ISP router.
version 12.3(4)T7
!
hostname ISP_Router
!
interface FastEthernet0/0
ip address 200.100.0.1 255.255.255.0
!
interface FastEthernet1/0
ip address 200.100.40.1 255.255.255.0
!
interface Serial0/0
ip address 200.100.10.1 255.255.255.0
!
interface Serial0/1
ip address 200.100.20.1 255.255.255.0
!
router rip
network 200.100.0.0
network 200.100.10.0
network 200.100.20.0
network 200.100.40.0
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
Lab Data Collection and Submission
Download and open the lab document file: SEC450_DB-SecurityDemands_Report.docx. Enter your name and date at the top of the lab document. As you complete each task of the lab assignment, enter all relevant configuration commands and answered questions (as specified in the iLab assignment) into this lab document. You will submit the completed SEC450_DB_SecurityDemands_Report.docx file into this week's eCollege iLab Dropbox.
Note: RED text indicates the required questions to answer
Task to Set up Security Policy for Offsite Database Server
The following requirements were given to the network engineer to create and apply ACL 100 in the ISP router:
1. Permit SQL database traffic from the Public server to the Dallas Host.
2. Permit SQL database traffic from the Public server to the Dallas Server.
3. Permit SQL database traffic from the Public server to the Chicago Host.
4. Permit SQL database traffic from the Public server to the Chicago Server.
5. Deny all other TCP traffic from the Public server to any destination.
6. Permit all other traffic.
#1. Explain the meaning of the "three P's" best practice rule to create ACLs in routers.
#2. Explain the difference between the following two access-list commands:
a) access-list 101 permit tcp any any eq 80
b) access-list 101 permit tcp any eq 80 any
#3. What are well-known, registered, and ephemeral UDP/TCP ports?
#4. What is wrong with ACL 105?
access-list 105 permit tcp any any
access-list 105 deny tcp host 201.141.0.3 any
#5. What well-known TCP port does an Oracle Database (sql net) server use?
#6. A company is managing an Oracle Database located in a Public Server to support day-to-day operations in the Dallas and Chicago networks. The company has requested its Internet Access Provider (ISP) to create the necessary ACL at the ISP router, ensuring that only responses from the Oracle server to certain hosts are allowed to enter the Dallas and Chicago LANs. The ISP network engineers decided to use an extended ACL and apply it to the F0/0 interface in the ISP router. Why did they decide to create an extended ACL and apply it to interface F0/0 for inbound traffic?
#7. Copy below the ISP router's initial running-config file from page 2, and add the commands needed to create and apply the ACL in the ISP router.
Answer all questions in the iLab Report document and upload it in the Week 3 iLab Dropbox.
Revision Date: 1103
Student Name _________________________________ Date
_____________SEC450 iLab3 Report
Initial Configuration ISP Router
version 12.3(4)T7
!
hostname ISP_Router
!
interface FastEthernet0/0
ip address 200.100.0.1 255.255.255.0
!
interface FastEthernet1/0
ip address 200.100.40.1 255.255.255.0
!
interface Serial0/0
ip address 200.100.10.1 255.255.255.0
!
interface Serial0/1
ip address 200.100.20.1 255.255.255.0
!
router rip
network 200.100.0.0
network 200.100.10.0
network 200.100.20.0
network 200.100.40.0
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
Note: RED text indicates the required questions to answer
Task to Set up Security Policy for Offsite Database Server
#1. Explain the meaning of the "three P's" best practice rule to create ACLs in routers.
#2. Explain the difference between the following two access-list commands:
a) access-list 101 permit tcp any any eq 80
b) access-list 101 permit tcp any eq 80 any
#3. What are well-known, registered, and ephemeral UDP/TCP ports?
#4. What is wrong with ACL 105?
access-list 105 permit tcp any any
access-list 105 deny tcp host 201.141.0.3 any
#5. What well-known TCP port does an Oracle Database (sql net) server use?
#6. A company is managing an Oracle Database located in a Public Server to support day-to-day operations in the Dallas and Chicago networks. The company has requested its Internet Access Provider (ISP) to create the necessary ACL at the ISP router, ensuring that only responses from the Oracle server to certain hosts are allowed to enter the Dallas and Chicago LANs. The ISP network engineers decided to use an extended ACL and apply it to the F0/0 interface in the ISP router. Why did they decide to create an extended ACL and apply it to interface F0/0 for inbound traffic?
#7. Copy below the ISP router's initial running-config file from page 2, and add the commands needed to create and apply the ACL in the ISP router.
Answer all questions in this document and upload it in the Week 3 iLab Dropbox.
Revision Date: 1103
Student Name _________________________________ Date _____________
SEC450 iLab7 Report
Note: RED text indicates the required questions to answer
Task 1—Layout the New Network Design
#1. Paste below your new network design diagram.
Task 2—IDS/IPS Recommendations
#2. Write an engineering specification document of at least 250 words (e.g. 1 page of full text, double spaced, size 12) describing why your network design meets each of the company's requirements. Justify how each recommendation addresses the company's needs.
Task 3—Conclusions
#3. Describe in two paragraphs your learning experience in this lab.
[Figure: Initial Network Topology (diagram labels: eCommerce DMZ, HR LAN, MKT LAN)]
SANS Institute InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

Network IDS & IPS Deployment Strategies

Information systems are more capable today than ever before. Society increasingly relies on computing environments ranging from simple home networks, commonly attached to high speed Internet connections, to the largest enterprise networks spanning the entire globe. Filing one's tax return, shopping online, banking online, or even reading news headlines posted on the Internet are all so convenient. This increased reliance and convenience, coupled with the fact that attacks are concurrently becoming more p...

Copyright SANS Institute
Network IDS & IPS Deployment Strategies
GSEC Gold Certification
Author: Nicholas Pappas, [email protected]
Adviser: Joel Esler
Accepted: April 2, 2008
Outline
1. Introduction ... 3
2. Network Intrusion Detection System (IDS) ... 4
3. Network Intrusion Prevention System (IPS) ... 7
4. Key Differences Between IDS & IPS ... 9
1. Introduction

Information systems are more capable today than ever before. Society increasingly relies on computing environments ranging from simple home networks, commonly attached to high speed Internet connections, to the largest enterprise networks spanning the entire globe. Filing one's tax return, shopping online, banking online, or even reading news headlines posted on the Internet are all so convenient. This increased reliance and convenience, coupled with the fact that attacks are concurrently becoming more prevalent, has consequently elevated the need to have security controls in place to minimize risk as much as possible.

This risk is often ignored as many people mistakenly disregard the computing power of their home systems, or small office networks. If the risk is not completely ignored, system owners routinely deploy a network firewall to protect web servers, or email servers and mistakenly feel safe. The convenience of conducting business over the world wide web, or communicating over email has made such services a prime target for automated attacks. Most network firewalls control network access by blocking traffic based on an IP address and port number. If you have an email server and wish for it to communicate with systems external to your network you will have to open port 25 (smtp) enabling this external communication. But what happens when an inbound attack comes in over port 25? Without having devices designed to monitor the content of this malicious traffic the email server is at the mercy of such an attack.
This document introduces tools used to systematically monitor network activity and discusses the deployment strategies of such systems. Regardless of the size of the network, having the ability to monitor network activity is a key component of defending information systems from attacks launched through various networks as well as finding internal systems that may not be configured correctly, resulting in extraneous traffic absorbing valuable network throughput. We begin with an introduction of what network intrusion detection systems and intrusion prevention systems are, then discuss connecting and deploying such devices. The paper then concludes after mentioning examples utilizing these systems in practical environments. There is no single security measure sufficient to independently protect information systems. Having a layered security architecture greatly reduces risk to system users. One invaluable layer is comprised of network intrusion detection systems.

2. Network Intrusion Detection System (IDS)

Network Intrusion Detection Systems (IDS) monitor system behavior and alert on potentially malicious network traffic (Baker, 2004). IDS can be set inline, attached to a spanning port of a switch, or make use of a hub in place of a switch. The idea here is to allow access to all packets you wish the IDS to monitor.
false alarms, alerts tend to not be taken seriously. On the other side of the spectrum, if the IDS rarely alerts on malicious traffic, it leads one to wonder if it is working at all. Tuning an IDS is somewhat of an art, a balancing act between four points of concern. These four points are true positives, false positives, true negatives and false negatives. Table 1 shows their relationship:

Table 1: Relationship of event categories.

            POSITIVE (alerted)                 NEGATIVE (not alerted)
  TRUE      True Positive *                    True Negative *
            alerted on intrusion attempt       not alerted on benign activity
  FALSE     False Positive                     False Negative
            alerted on benign activity         not alerted on intrusion attempt

  * cells shaded in the original table

The ideal tuning of an IDS maximizes instances of events categorized in the shaded cells, that is, true positives and true negatives. True positives occur when the system alerts on intrusion attempts or other malicious activity. False negatives are somewhat of a null situation but are important nonetheless. The false negative is comprised of the system failing to alert on malicious traffic. At times many people have trouble remembering what each of the four event categories are. An analogy helps.

Imagine the life cycle of a schoolhouse fire alarm. Using this analogy to describe the four categories is perhaps an easier method of understanding the distinctions. A true positive would then be analogous to a burning schoolhouse and the alarm sounding. This, after all, is the intended purpose of the schoolhouse fire alarm. The false negative occurs when the schoolhouse has an actual fire yet the fire alarm remains silent, alerting no one of the fire and thus creating a danger to those counting on successful operation of the fire alarm.
Continuing with this analogy, the remaining conditions are as follows. When a mischievous student pulls the alarm, knowing no fire exists, he or she presents a false positive. The alarm dutifully goes off in the absence of a fire. With numerous occurrences of false positives, the seriousness of the alarm is belittled and soon ignored. Finally, the true negative relates to the alarm remaining silent while the schoolhouse is not aflame. Table 2 maps the conditions of this analogy using a format similar to that of Table 1.

Table 2: Relationships as they apply to the schoolhouse fire alarm analogy.

                        ALARM                            SILENCE
  TRUE                  True Positive:                   True Negative:
  (intended function)   alarm sounded during an          alarm silent while the
                        actual fire                      schoolhouse is not aflame
  FALSE                 False Positive:                  False Negative:
                        alarm pulled with no fire        alarm silent during an
                                                         actual fire

Tuning an IDS is typically an ongoing task. Threats and computing environments are ever-changing, thus systems deployed to detect such threats must adapt accordingly. Detecting malicious network activity is an important piece of an overall security architecture, but what can we do to defend from detected attacks? Prevention is the key and is covered in the next section.
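The four categories in Tables 1 and 2 become measurable once each alert is checked against an analyst's verdict. The following Python script is an added example, not code from the paper or its author: it takes a constructed set of connection records, each carrying a detector score and a hand-assigned ground-truth label (the score scale, addresses and labels are assumptions), counts true and false positives and negatives at a given alert threshold, and sweeps the threshold to show the balancing act described above, where lowering the threshold catches the low-and-slow probe but also raises the false alarm rate.

```python
"""Scoring IDS alert quality as true/false positives and negatives.

Added example for the tuning discussion above. Every record below is
constructed: the addresses, the 0.0-1.0 suspicion score (assumed to be
whatever the detector emits, e.g. an anomaly score) and the analyst's
ground-truth label are illustrative, not captured data.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    src: str
    dst: str
    dport: int
    score: float      # detector's suspicion score, 0.0 .. 1.0 (assumed scale)
    malicious: bool   # analyst's verdict after investigation (constructed)


# Constructed sample traffic with hand-assigned verdicts.
SAMPLE = [
    Record("10.0.1.5",  "203.0.113.9",  80,  0.10, False),  # routine web browsing
    Record("10.0.1.6",  "203.0.113.9",  80,  0.15, False),
    Record("10.0.1.7",  "198.51.100.2", 25,  0.35, False),  # bulk mail run, looks odd
    Record("10.0.2.8",  "10.0.3.1",     445, 0.55, False),  # noisy nightly backup job
    Record("192.0.2.4", "10.0.3.1",     445, 0.60, True),   # SMB worm probe
    Record("192.0.2.5", "10.0.1.5",     22,  0.85, True),   # SSH brute force
    Record("192.0.2.6", "10.0.1.9",     80,  0.40, True),   # low-and-slow web probe
    Record("10.0.1.5",  "10.0.1.2",     53,  0.05, False),  # internal DNS lookup
]


def classify(record, threshold):
    """Map one record to TP/FP/TN/FN: the IDS alerts when score >= threshold."""
    alerted = record.score >= threshold
    if alerted:
        return "TP" if record.malicious else "FP"
    return "FN" if record.malicious else "TN"


def confusion(records, threshold):
    """Count the four cells of Table 1 for a given alert threshold."""
    counts = Counter(classify(r, threshold) for r in records)
    return {cell: counts.get(cell, 0) for cell in ("TP", "FP", "TN", "FN")}


def rates(cm):
    """Detection rate (TP share of malicious), false-alarm rate (FP share of
    benign) and precision (TP share of alerts); 0.0 when a denominator is 0."""
    def ratio(num, den):
        return num / den if den else 0.0
    return {
        "detection_rate": ratio(cm["TP"], cm["TP"] + cm["FN"]),
        "false_alarm_rate": ratio(cm["FP"], cm["FP"] + cm["TN"]),
        "precision": ratio(cm["TP"], cm["TP"] + cm["FP"]),
    }


def sweep(records, thresholds=(0.3, 0.5, 0.7)):
    """Tuning as a balancing act: the rates at each candidate threshold."""
    return {t: rates(confusion(records, t)) for t in thresholds}


if __name__ == "__main__":
    for threshold, r in sweep(SAMPLE).items():
        print(f"threshold {threshold:.1f}: "
              f"detect {r['detection_rate']:.2f}  "
              f"false alarm {r['false_alarm_rate']:.2f}  "
              f"precision {r['precision']:.2f}")
```

On the constructed sample, a threshold of 0.3 alerts on every malicious record but also on the bulk mail run and the backup job, while 0.7 raises no false alarm and misses two of the three attacks; the same script, fed real alerts and analyst verdicts, gives the numbers the tuning discussion otherwise leaves to intuition.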
3. Network Intrusion Prevention System (IPS)
The ability to monitor network traffic is a key component of protecting information systems. Even still, defending those systems from the many threats can be a daunting task. A firewall is commonly used to provide a layer of security for its respective local network. Firewalls by themselves have limitations, though. Most can only block based on IP addresses or ports. In contrast, Network Intrusion Prevention Systems (IPS) are able to use signatures designed to detect and defend from specific types of attacks, such as denial of service attacks among others. This is an advantage, for instance, with sites hosting Web servers.

To permit Web service traffic, a firewall passes Hypertext Transfer Protocol (port 80) to external systems, if not the entire world. This opens up risk because many attacks and exploits are inherent to Web server applications (e.g., Apache,
intended to serve.
Web services are commonplace across the Internet, but the above example can be applied to many other networked services. To be compatible with systems across the widespread internetwork, a standard service port must be used. These ports are considered to be "well-known ports"; for instance, port 25 is assigned to the Simple Mail Transfer Protocol (SMTP) and port 53 is assigned to the Domain Name System (DNS). Permitting these ports through a firewall is essential to be compatible with systems across the globe. Using an IPS along with a firewall offers the system owners some peace of mind while at the same time maintaining the required functionality.

IPS have also been known to block buffer overflow type attacks, and can be configured to report on network scans that typically signal a potential attack is soon to follow. Advanced usage of an IPS may not drop malicious packets but rather redirect specific attacks to a honeypot. A simple example of this utilization might redirect a malicious connection to a device set up to emulate the would-be victim. Honeypots are not in the scope of this paper. However, this type of redirection creates research opportunities into the methods of attackers or active automated threats, while at the same time defending the actual production systems. At the very least, the honeypot-redirect methodology creates the potential to absorb attackers' time and other resources as systems under their command attempt to compromise phony assets.
4. Key Differences Between IDS & IPS
Intrusion detection and intrusion prevention are similar concepts, but there are distinct differences, unique concerns, and benefits inherent with deploying either one, or both, as we will see later. Let's start our dissection with intrusion detection.

Network intrusion detection systems allow analysts to peer into network traffic and gain an in-depth understanding of protocols belonging to network stacks, applications and operating systems. While intrusion detection systems can be placed inline, they are commonly connected to the spanning port of a switch, attached to a hub, or make use of network taps. The intent here is to allow a designated network interface to process all traffic analysts want to inspect.

If an intrusion detection system is out-of-band, the opposite of inline, then the monitored network will not be at the mercy of the IDS failure potential. If the system is placed inline and it fails, network packets will no longer be processed, thus ceasing all connectivity the system is designed to monitor. This is a benefit over intrusion prevention systems, which are always configured inline.

Detection systems connected to a spanning port or hub have the potential to send a reset packet to both the source and target of malicious sessions. This is an example of utilizing an IDS as a defensive measure. Note that the reset is sent only after the offending packet has already been delivered, so this technique tears down a session after the fact rather than stopping the first malicious packet.
As mentioned previously, the risk introduced with placing either an IDS or IPS inline is related to the likelihood of the system failing, resulting in the link being brought down. Some commercial systems will go into a fail-safe mode where they default to open (fail-open) and minimize the risk of a device failure causing a network outage. Security and network analysts should know that an outage caused by system failure must be avoided if at all possible. The mission of deploying security controls is defeated when the controls themselves are excessively prone to failure, especially when their failure unintentionally brings down large-scale network connectivity.
5. Network Segregation & Trust Zones
Realistically expecting security professionals to completely secure every system on a network is unreasonable. Often, security controls are in direct opposition to the functionality inherent in today's feature-rich computing environments. All too often, 100% secure is congruent to 0% usable. An effective strategy to balance security with functionality is network segregation. The resulting zones are
Looking towards the center of Figure 1, you will find concentric circles exhibiting "circles of trust". In this portion of the example, each department has direct access to the front-end application circle, perhaps in the form of a web application. This front-end application is then utilized to carefully grant or deny access to the organization's most critical data (e.g., file servers, databases). None of the four sample departments is capable of gaining direct access to the back-end data storage. To view or modify this critically important data, personnel must first go through the middleware responsible for administering the most restrictive permissions. This model follows the principle of least privilege with respect to the innermost data storage zone. That is, giving subjects no more and no less access to objects than is required to conduct business-related tasks (Harris, 2003).

IDS and IPS are great tools to leverage when defining, monitoring, auditing, and enforcing the circumference of each circle. Deploying an IDS and/or IPS at each of the department circles provides a means to monitor and block attempts to violate the policy of the system. If a system in the marketing department attempts to directly access systems in the human relations department, it might be a sign of an employee trying to surreptitiously gather payroll information or personnel folders. If multiple systems, from say the research and development department, attempt to access systems in the other three segments, it may signal a worm or virus attempting to
systems enterprise-wide. Such segregation of a network in turn boosts the ability of response teams to isolate or quarantine compromised systems, while the zones not compromised continue conducting business.
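The two signs described above, a single host reaching into a zone it has no business with and one host sweeping several zones, can be checked mechanically against a written zone policy. The following Python script is an added example, not part of the paper: the zone address ranges and the allowed-flow policy are assumptions modelled on the Figure 1 description (every department may reach the front-end application zone, only the front end may reach the back-end data store, and departments do not talk to one another directly), and the flow records are constructed, not captured.

```python
"""Checking inter-zone flows against a trust-zone policy.

Added example, not part of the paper. Zone addressing, the allowed-flow
policy and the flow records are all assumptions built for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumed zone addressing for the example.
ZONES = {
    "marketing": ipaddress.ip_network("10.1.0.0/24"),
    "hr":        ipaddress.ip_network("10.2.0.0/24"),
    "rnd":       ipaddress.ip_network("10.3.0.0/24"),
    "finance":   ipaddress.ip_network("10.4.0.0/24"),
    "frontend":  ipaddress.ip_network("10.10.0.0/24"),
    "backend":   ipaddress.ip_network("10.20.0.0/24"),
}

# Permitted (source zone, destination zone) pairs; any other flow that
# crosses a zone boundary violates policy (least privilege toward the back end).
POLICY = {
    ("marketing", "frontend"), ("hr", "frontend"),
    ("rnd", "frontend"), ("finance", "frontend"),
    ("frontend", "backend"),
}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.1.0.15", "10.10.0.5", 443),   # marketing -> front end: allowed
    ("10.2.0.20", "10.10.0.5", 443),   # hr -> front end: allowed
    ("10.10.0.5", "10.20.0.7", 3306),  # front end -> database: allowed
    ("10.1.0.15", "10.2.0.20", 445),   # marketing host poking at an HR file share
    ("10.3.0.9",  "10.2.0.20", 445),   # one R&D host sweeping three other zones...
    ("10.3.0.9",  "10.1.0.15", 445),
    ("10.3.0.9",  "10.4.0.30", 445),
    ("10.3.0.9",  "10.10.0.5", 445),   # ...plus the front end, an allowed pair
    ("10.1.0.15", "10.1.0.16", 139),   # intra-zone traffic, not policed here
]


def zone_of(ip):
    """Name of the zone containing ip, or 'unknown' if outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate_flows(flows, worm_threshold=3):
    """Return (violations, worm_suspects).

    violations: flows crossing a zone boundary that POLICY does not allow,
                as (src, src_zone, dst, dst_zone, dport) tuples.
    worm_suspects: sources whose violations touched at least worm_threshold
                distinct zones, the multi-zone pattern the text associates
                with worm propagation rather than a single curious employee.
    """
    violations = []
    zones_hit = defaultdict(set)
    for src, dst, dport in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue                       # intra-zone traffic: out of scope
        if (src_zone, dst_zone) not in POLICY:
            violations.append((src, src_zone, dst, dst_zone, dport))
            zones_hit[src].add(dst_zone)
    suspects = sorted(h for h, zones in zones_hit.items()
                      if len(zones) >= worm_threshold)
    return violations, suspects


if __name__ == "__main__":
    found, worms = evaluate_flows(FLOWS)
    for v in found:
        print("policy violation: %s (%s) -> %s (%s) port %d" % v)
    print("worm-like sources:", worms)
```

On the constructed flows the marketing host produces one violation (the HR file share) and stays below the worm threshold, while the R&D host trips it by touching three zones; the same policy table is what the per-zone IDS or IPS rules described above would encode.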
Not only does network segregation lend itself to access control, it also helps in throughput management across a large network. Imagine a university network where multiple academic departments (e.g., Arts & Sciences, School of Engineering) are collectively connected to a single backbone network. Figure 2 depicts an architecture where the backbone network provides a conduit from one department to another, as well as connectivity for all departments to access the global Internet (i.e., Internet 1 and Internet 2). Network sessions over the backbone will likely outnumber sessions strictly within any single department network. Because of this, the backbone will be best served with network equipment capable of high throughput and low latency. Hardware capable of 10 Gigabit throughput is rather expensive, perhaps too expensive to expect each department to purchase such equipment for its respective segment of the campus network. Without suffering
to place such systems on a backbone network capable of pushing large volumes of data at extremely high transfer rates. To work around this issue, we place the IDS or IPS between each department-level network and the university backbone. Acquiring systems capable of lower throughput will be more cost effective, and a distributed monitoring infrastructure will also provide awareness of network activity in each segment of the greater network. Figure 2 shows such a setup with circuits labeled with their associated data transmission capabilities. The magnified portion of Figure 2 leads us into the next sections covering a detailed explanation of IDS/IPS deployment.

This section was admittedly a digression from the main topic. However, the concentric circles and segmentation of the network described here are crucial to understand and consider when planning the logical placement of an IDS or IPS. The concepts explained here are referred to in the remaining sections of the document.
remotely from a system in the internal network.
Part A of Figure 3 shows the IDS connected to either a hub or a switch capable of configuring a SPAN port. On some managed switches, a SPAN port can be configured to send "...all packets on the network to that port as well as their ultimate destination" (Baker, 2004). With such a configuration, an IDS interface being used to monitor traffic could be connected to a switch yet be able to see all traffic passing through. A network hub intrinsically shares data passing through itself to all of its ports, such that any system connected to the hub can see all traffic sourced from or destined to every other system connected to the hub. Using a hub may not be the best option since systems would be capable of intercepting traffic not intentionally sent to them. When using either a hub or a switch with SPAN port capabilities, the systems on the internal network are not at the
The final portion, Part C near the bottom of Figure 3, illustrates an IDS connected inline. This instance includes two connections, shown in red, with one connected to the uplink port of the switch and the second connected to the external network. In most cases, this is not the best method to use because a system failure of the IDS will prevent systems on the internal network from communicating with external systems. Rarely is this an ideal outcome; either way, it is certainly an option. The benefit of the inline configuration is a guarantee that all packets will be seen by the IDS. Packets are subject to being missed when an IDS is connected to a switch SPAN port, especially when that switch is busy processing a large burst of traffic. A SPAN port mirroring both directions of a full-duplex link is asked to carry up to twice that link's bandwidth on a single port, so drops under load are a structural limit of the method rather than a tuning problem. Depending on the capability of an inline IDS, a similar burst may lead to congestion of network throughput.

Utilizing a management interface is required if the analysis is to be done remotely. It is possible to simply connect a keyboard and monitor directly to the IDS and manage the system locally from its console. While this may work for a small office, in a large network this is typically not a viable option. The same applies for an IPS, which is covered in the following section.

7. Connecting an IPS Device

Intrusion prevention systems are always connected inline. This requirement enables the IPS to drop select packets and defend against an attack before it takes hold of the internal network (Hansteen, 2008). Here again, in Figure 4, we have red lines showing the network links being used to capture traffic.
Figure 4: IPS on the border of a network or zone.

The management interface, shown with a black dashed line, is once again optional but is commonly used to manage the system remotely. Updating signatures and otherwise adapting the system to defend against the latest threats is an ongoing task. Because of this, having an efficient means of administering the device is
IPS fails, the network will typically see an increase in activity. This is something for network engineers and intrusion analysts alike to consider when a significant unexplained spike in network activity is noticed on internal networks.

Connecting an IPS is rather simple. After reading this section, you may wonder what can be done to monitor traffic when an IPS either fails entirely or allows malicious traffic through, perhaps from not being strict enough. A layered approach is introduced in the next section.

8. IDS & IPS Tuple Deployment

Prior to this section, the paper has discussed the fundamentals of deploying an IDS or IPS. Now we move on to put these tools together, constructing a layered approach
connected out-of-band, which is illustrated below in Figure 6. The IDS is strategically placed on the internal side of the router. As before, both figures show red lines depicting connections used to gather data for analysis and/or filtering.

Figure 5: IPS & IDS connected inline.

With the exception of the management interface, connected to make remote administration of the sensors more convenient, the two network interface cards (NICs) internal to the IPS and IDS (i.e., those connecting the IDS and IPS to the red links) do not require IP addresses to be assigned to them. In fact, not having
Figure 6: IPS connected inline, IDS connected to spanning port.

Packets are only concerned with transporting data from source to destination. Therefore, having two invisible NICs configured as a bridge leaves the data untouched as packets travel from the first NIC to the second and carry on their merry way. When unwanted traffic passes over the invisible IPS bridge, the convivial journey is abruptly interrupted, much like an insect innocently flying about before being smashed against the windshield of a car traveling at high speed. For packets the IPS is programmed to drop, the invisible bridge resembles a thick sheet of glass that cannot be seen. The sender of the dropped packet receives no response, and the internal network never processes the dropped packet. Such a scenario excites security professionals charged with defending a network from attack.

That is, until their joy comes crashing down when the boss is
effect of an IPS being too stringent. To correct this, the IPS needs to be tuned more conservatively, adhering to looser rules while analyzing traffic. When the IPS is configured too conservatively, we witness false negatives as unwanted traffic freely passes through. Obviously we have a conundrum between protecting the network and keeping business flowing; having both live harmoniously ensures the aforementioned security staff remains employed.

This is where the IDS comes in. Since the IDS is not responsible for dropping packets, the security administrator can set the IDS to be very aggressive. With this higher level of sensitivity, the IDS alerts when even the slightest abnormality is present in the traffic being inspected. After spending time going through extraneous alerts, the analyst then tunes the IDS to disregard traffic verified to be benign. Conversely, as the analyst finds traffic on the IDS posing a threat, a rule or signature is written and the IPS blocks the threat. This methodology allows analysts to analyze traffic and become familiar with a normal baseline of traffic without interrupting legitimate data flow on the network.
Figure 7: Data state diagram.

The different states of traffic passed through this layered model are exhibited
to be implemented on the IPS to block similar future attacks. The outcome is a multi-layered approach to monitoring network traffic passing through the boundary of a network or subnetwork.

The main intent is to have the IPS block traffic known to be unnecessary or malicious, while the IDS remains sensitive, alerting on traffic that may be difficult to categorize, without risking termination of legitimate communication. Conceptually, the IPS is tuned somewhat conservatively and the IDS has a more aggressive tuning. The IDS also provides checks and balances on its respective IPS. Since the rules implemented in the IPS also exist in the IDS, if the IPS fails the IDS will continue monitoring. If the IDS suddenly sends numerous alerts, the IPS is most likely in fail-over mode or has suffered a system crash. Without a layered approach, traffic would pass through the network unmonitored until the IPS was brought online again.
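The check-and-balance role of the IDS described above can be automated. The following Python script is an added example, not from the paper: it assumes the internal IDS writes Snort-style "fast" alert lines carrying the rule's signature ID (SID), that the operator keeps a list of the SIDs also deployed as drop rules on the inline IPS, and that any alert for one of those SIDs reaching the internal IDS means the IPS passed traffic it should have dropped. The SIDs, messages and addresses below are constructed in the local-rule range and are not real ruleset identifiers. A burst of such alerts inside a short window raises a fail-open indication.

```python
"""Using the internal IDS to detect an IPS that has failed open.

Added example, not code from the paper. The alert lines, the SIDs (local
range, invented for the example) and the shared-rule list are constructed.
"""
import re
from collections import deque
from datetime import datetime, timedelta

# SIDs configured as DROP on the inline IPS and as ALERT on the IDS (assumed).
IPS_DROP_SIDS = {1000002, 1000003, 1000004}

# Constructed IDS alerts in Snort "fast" alert format (assumed layout).
SAMPLE_ALERTS = """\
03/14-10:00:01.000000  [**] [1:1000001:1] LOCAL web scanner user-agent [**] [Priority: 3] {TCP} 198.51.100.7:51000 -> 10.0.1.5:80
03/14-10:00:12.000000  [**] [1:1000002:1] LOCAL SSH brute force attempt [**] [Priority: 2] {TCP} 192.0.2.9:40000 -> 10.0.1.8:22
03/14-10:05:00.000000  [**] [1:1000003:1] LOCAL SMB worm probe [**] [Priority: 1] {TCP} 192.0.2.40:3100 -> 10.0.2.3:445
03/14-10:05:07.000000  [**] [1:1000003:1] LOCAL SMB worm probe [**] [Priority: 1] {TCP} 192.0.2.41:3101 -> 10.0.2.4:445
03/14-10:05:20.000000  [**] [1:1000004:1] LOCAL known exploit payload [**] [Priority: 1] {TCP} 192.0.2.42:3102 -> 10.0.1.5:80
03/14-10:05:31.000000  [**] [1:1000002:1] LOCAL SSH brute force attempt [**] [Priority: 2] {TCP} 192.0.2.9:40001 -> 10.0.1.8:22
03/14-10:06:10.000000  [**] [1:1000001:1] LOCAL web scanner user-agent [**] [Priority: 3] {TCP} 198.51.100.7:51002 -> 10.0.1.5:80
"""

# Fast-format alert: "MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] ..."
ALERT_RE = re.compile(
    r"^(?P<date>\d\d/\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
)


def parse_alert(line, year=2008):
    """Return (timestamp, sid, message) for one alert line, or None.
    The fast format carries no year, so the caller supplies it."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['date']}-{m['time']}", "%Y/%m/%d-%H:%M:%S")
    return ts, int(m["sid"]), m["msg"]


def parse_alerts(text, year=2008):
    """Parse every well-formed alert line in text."""
    parsed = (parse_alert(line, year) for line in text.splitlines())
    return [a for a in parsed if a is not None]


def leaked_alerts(alerts, drop_sids=IPS_DROP_SIDS):
    """Alerts the internal IDS raised for rules the IPS should have dropped."""
    return [a for a in alerts if a[1] in drop_sids]


def ips_failopen_triggers(alerts, drop_sids=IPS_DROP_SIDS,
                          window=timedelta(seconds=60), threshold=3):
    """Timestamps at which `threshold` or more leaked alerts fell inside
    `window`: a burst that points at the IPS failing open or crashing.
    A single leaked alert is left for the analyst; it may be an evasion."""
    recent = deque()
    triggers = []
    for ts, sid, _msg in sorted(alerts):
        if sid not in drop_sids:
            continue
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()           # slide the window forward
        if len(recent) >= threshold:
            triggers.append(ts)
    return triggers


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print(f"{len(leaked_alerts(alerts))} alerts matched IPS drop rules")
    for ts in ips_failopen_triggers(alerts):
        print("possible IPS fail-open at", ts.isoformat())
```

On the constructed alerts the single SSH alert at 10:00:12 stays below the threshold, while the four leaked alerts between 10:05:00 and 10:05:31 trip it; in practice the SID list is generated from the IPS rule set so the two stay in step as rules are added.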
As shown in Figures 5 and 6, the IPS is deployed on the external side of the router or network edge. This allows the IPS to drop packets prior to them hitting the router and prevents the router from having to process extraneous packets, thus lightening the load on the router's processor(s). It also provides a means for the analyst to research traffic "in the wild", as well as to see any probes and scans coming from external systems. If a brute force attack is posed against the IPS, the router avoids having to deal with such nonsense as the IPS actively drops the attack traffic on the floor. Unsuccessful network reconnaissance attempts may be fed into
the midst of staging an attack. Even a minimally tuned IPS would block this traffic, but the analyst monitoring traffic external to his or her network can gain great insight into the latest attacks and threat trends.

Both figures show the IDS placement on the internal side of the edge router. This is required to see traffic being passed from or within the internal network, especially in the case where the internal network is using Network Address Translation (NAT). Pinpointing internal systems behind NAT'd IP addresses would be impossible from the perspective of the IPS since it is on the outside. IDS placement is critical when the analyst needs to track down internal systems sending unwanted traffic. Internal systems sending unwanted traffic may be caused by a system not configured correctly or possibly a compromised system attempting to propagate a virus infection. Likewise, if an internal employee is transferring data outside the network, the IDS placed internally will be able to see exactly where this data is coming from and can be configured to report such activity.

Deploying IDS and IPS in pairs is substantially beneficial. Having one without the other will undoubtedly leave gaps in the monitoring of network activity, or
9. Practical Applications and Uses
Using an IDS/IPS paired deployment for researching traffic hitting the external side of a network was briefly discussed in the previous section. What was not mentioned was the fact that having such a system on the external side of the network can actually help other administrators worldwide. Consider sharing traffic profile information with collaborative groups such as the SANS Internet Storm Center by submitting activity logs, or participate in the DShield Cooperative Network Security Community. DShield allows you to report malicious activity while remaining anonymous. Often, system administrators do not know when their respective systems are wreaking havoc outside their network. With so many worms and other automated attacks occurring on the Internet, if your system is being threatened, chances are other innocent systems are being attacked in the same manner.

In organizations required to test applications or carefully examine the effect of new patches prior to their being applied to critical servers, it is good practice to set up a test computing environment. In such an environment it is best
network? Clearly the test environment is an important piece of modern information technology shops.

For information security professionals attempting to evade IDS and IPS detection, a test case is very useful. Once such an individual feels they have their IPS and IDS configured just right, they should seek a method to evade their implementation. Likewise with someone who thinks they can sneak in, penetrating the network unnoticed: they should then devise a method to block their covert attack. This is an invaluable means to make even the smartest security professional more capable.

As far as the Blackhats go, setting up a test case of an IDS/IPS to launch attacks against may be beneficial in honing their craft. As most security folks know,
Figure 8: Distributed infrastructure of IPS/IDS sensors feeding a centralized database.

It is important to note that each IDS/IPS pairing will have its own security policy or rule set. What applies to Segment-1 may not apply to Segment-2, and so on. Furthermore, having the data sent to a centralized location will minimize the number of highly skilled analysts the organization has to train and keep on the payroll. This will obviously bring about the highest return on investment. On that note, having one instance of data storage cuts down on the number of required
such a system are only limited by one's imagination or task orders.

10. Conclusions

As with any security product designed to protect information systems and the data they process, there are limitations. If the intrusion detection or prevention system lacks rules clever enough to detect traffic of interest, the system will neither send alerts nor drop packets appropriately. Keeping your signatures updated and maintaining other rules intended to find exactly what you want is an ongoing endeavor.

Another limitation is related to remediation of issues found with a monitoring system. This is a task very difficult to automate. If the organization does not have a viable means of responding to incidents and remediation efforts, being alerted on such events is useless. Often, being able to respond in a timely fashion will make the difference between an entire network virus infection and limiting compromises to the fewest number of systems. Along those lines, ignorance is bliss.
Strategic placement of the monitoring systems is crucial. If you are trying to capture traffic local to your network, you may be missing it if you put the sensor at the network's border. Likewise if you only have one monitoring system and more than one connection linking your local area network to external networks. One important network device you should be mindful of when selecting the optimal placement of your IDS or IPS is a Virtual Private Network (VPN) concentrator. As traffic travels through a VPN tunnel it is encrypted, and an IDS or IPS that sees only the encrypted side of the concentrator will not be capable of conducting adequate analysis; the sensor must be placed where it sees the traffic after decryption.

There are an increasing number of methods to evade intrusion detection. While network intrusion detection and prevention systems are adapting to an ever-changing environment, the methods of evasion are as well. We must keep this in mind when making a judgment call with respect to detecting an intrusion. One should not rely too heavily on IDS or IPS logs. Feeling overly confident that an intrusion was avoided simply because such activity was not logged may be a costly mistake. On the other hand, assuming the IDS or IPS is correctly classifying "malicious" traffic when in fact the traffic is legitimate should be avoided as well. Having an analyst skilled in decoding packets will help minimize these mistakes (packet decoding is introduced in the SANS Security Essentials curriculum). In short, having too much trust in any single security product is a recipe for failure.

In conclusion, deploying systems designed to monitor network activity will bring about more awareness of the very nature of how the respective network
behaves, and what threatens its intended function. There is certainly no shortage of malicious traffic being transmitted across the Internet. Having a firewall at the edge of a network is a nice piece of hardware to have protecting internal networks. However, in information security there are no silver bullets, network firewalls notwithstanding. It is crucial to have a layered preventive strategy. Defense in depth is the only reasonable tactic with such adaptable threats being constantly presented to
11. References

Baker, A. R., Beale, J., Caswell, B., & Poor, M. (2004). Snort 2.1 Intrusion Detection, Second Edition. Rockland, MA: Syngress Publishing, Inc.

Hansteen, P. N. M. (2008). The Book of PF: A No-nonsense Guide to the OpenBSD Firewall. San Francisco, CA: No Starch Press, Inc.
12. Appendix A: Step by Step Build of an IDS/IPS

The following steps have been used to build both IDS and IPS capabilities on a single system. The operating system used is OpenBSD. The hardware consists of an Intel-based computer with 5 network interface cards installed. The first two cards build an inline bridge and the second pair of cards builds a second inline bridge. The fifth card is used for remote management of the system. OpenBSD was chosen because of its reputation in security and its handling of the network stack. The steps listed here pick up after a base install of OpenBSD 4.2 (i386). For more information on how to install OpenBSD please see their web site (http://www.openbsd.org/faq/faq4.html).

While the author does not claim to be an OpenBSD guru, these steps have been verified to build a baseline IDS/IPS that displays alerts via the Basic Analysis and Security Engine (BASE) interface. No benchmarking has been done on the prototype system, and I would highly advise not deploying the resulting system in a production environment without thorough testing. The prototype also may (does) not have permissions set to their most restrictive values. This appendix was the result of testing out concepts and ideas which were documented in the respective paper, and thus the intent of this appendix is to save the reader time in implementing a test case to explore the concepts shared. Reading content is a good start but, for many, having hands-on experience will be significantly more
General Outline:
1. Acquire OpenBSD ports
2. Network Setup
3. MySQL Installation
4. Snort Installation
5. Oinkmaster Installation
Partitions and their sizes for the prototype system:
Filesystem   Size    Mount Point
/dev/wd0a    200MB   /
/dev/wd0h    10GB    /archive
/dev/wd0g    5GB     /home
/dev/wd0d    500MB   /tmp
/dev/wd0f    15GB    /usr
/dev/wd0e    10GB    /var
Acquire OpenBSD Ports
We begin by downloading the ports collection. First find the packages mirror closest to your location and download the cvsup package. You will find a listing of the mirrors at this url (http://www.openbsd.org/ftp.html#ftp). Here is the command used on the prototype:
--begin file content--
#Example command to use CVSup:
# cvsup -g -L 2 /etc/cvs-supfile
#Defaults applicable to all collections
*default host=cvsup.usa.openbsd.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=OPENBSD_4_2
*default delete use-rel-suffix
*default compress
#Collections
OpenBSD-ports
--end file content--
Commit the following commands to download your collection files. This will take some time depending on your connection to the associated mirror.
cvsup -g -L 2 /etc/cvs-supfile
You should now have OpenBSD's ports in /usr/ports.
Network Setup
First determine how the system identifies each network
the installation process to update the entire system.
sis0 = administrative interface
dc0 = external device non-verified
dc1 = internal device non-verified
dc2 = external device verified
dc3 = internal device verified
See the illustration below for an idea of how this system will be connected and deployed. Please note, the cable connecting the NIC labeled dc1 to the router's interface with an IP address of 192.168.0.3 is a crossover type cable. The rest shown in the image are regular straight through cables. As you can see the router separates two networks. The first network is a Class C identified by 192.168.0.0/24, and the second network is yet another Class C of 192.168.1.0/24. The rest of the document will follow the concept of having 192.168.0.0 as the external or non-trusted network, and 192.168.1.0/24 being considered as the trusted network. Make sure to substitute for your needs where appropriate.
Nicholas Pappas 38
Figure 9: Prototype diagram.
Now that we know how to refer to the NICs we need to create a file for each. To do this, commit the following commands, while substituting proper identifiers for your NICs. First make sure these files don't pre-exist (they must only have the word "up" in them for our purposes):
rm /etc/hostname.dc0
rm /etc/hostname.dc1
rm /etc/hostname.dc2
rm /etc/hostname.dc3
Now create two bridges. The first bridge is intended to actually filter traffic deemed malicious or otherwise unwanted, and the second is to verify the filter.
echo "add dc0" >> /etc/bridgename.bridge0
echo "add dc1" >> /etc/bridgename.bridge0
echo "up" >> /etc/bridgename.bridge0
echo "add dc2" >> /etc/bridgename.bridge1
echo "add dc3" >> /etc/bridgename.bridge1
echo "up" >> /etc/bridgename.bridge1
We should now see the following output from these commands:
cat /etc/bridgename.bridge0
add dc0
add dc1
up
cat /etc/bridgename.bridge1
add dc2
add dc3
up
Reboot the system by typing the following command:
reboot
Upon boot completion you should have the packets traveling
over both bridges.
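The hostname.* and bridgename.* files above are built by appending with ">>", which is why the appendix insists the files must not pre-exist. The script below is an added example, not part of the paper: it writes the same dc0/dc1 (filtering) and dc2/dc3 (verifying) layout with ">" and checks the result, so re-running it never leaves duplicate lines. The ETC argument and the scratch directory used for the demo are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the paper): write the per-NIC hostname.* files and the two
# bridgename.* files the appendix builds by hand, then verify their exact contents.
# The ETC argument is a constructed convention; pass /etc to apply on a real system.

# write_nic_file ETC IFACE : hostname.IFACE must hold exactly the word "up"
write_nic_file() {
    printf 'up\n' > "$1/hostname.$2"
}

# write_bridge_file ETC BRIDGE IF_A IF_B : member interfaces first, then "up"
write_bridge_file() {
    printf 'add %s\nadd %s\nup\n' "$3" "$4" > "$1/bridgename.$2"
}

# check_nic_file ETC IFACE : 0 only if the file holds the single word "up"
check_nic_file() {
    [ "$(cat "$1/hostname.$2")" = "up" ]
}

# check_bridge_file ETC BRIDGE IF_A IF_B : 0 only if the file is exactly as expected
check_bridge_file() {
    expected=$(printf 'add %s\nadd %s\nup' "$3" "$4")
    [ "$(cat "$1/bridgename.$2")" = "$expected" ]
}

# build_bridges ETC : the appendix layout; bridge0 filters, bridge1 verifies the filter
build_bridges() {
    etc=$1
    for nic in dc0 dc1 dc2 dc3; do write_nic_file "$etc" "$nic"; done
    write_bridge_file "$etc" bridge0 dc0 dc1
    write_bridge_file "$etc" bridge1 dc2 dc3
    # Validate before trusting a reboot to bring the bridges up.
    for nic in dc0 dc1 dc2 dc3; do check_nic_file "$etc" "$nic" || return 1; done
    check_bridge_file "$etc" bridge0 dc0 dc1 || return 1
    check_bridge_file "$etc" bridge1 dc2 dc3
}

# Demo run in a constructed scratch directory; use ETC=/etc and reboot to apply.
demo=$(mktemp -d)
build_bridges "$demo" && echo "bridge files written under $demo"
cat "$demo/bridgename.bridge0"
rm -rf "$demo"
```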
Install these packages for convenience:
cd /usr/ports/net/wget
make install
MySQL Installation
First check to see if you already have the required package files:
ls /usr/ports/packages/i386/ftp/mysql*
mysql-client-5.0.45.tgz
If you have these files already, you can skip the next step, otherwise do the following:
cd /usr/ports/databases/mysql
make install
Before we install the server we need to install the p5-DBD-mysql package. To do that commit the following steps:
cd /usr/ports/databases/p5-DBD-mysql
make install
OK, now you should have the required package files.
cd /usr/ports/packages/i386/all
pkg_add mysql-server-5.0.45.tgz
pkg_add mysql-client-5.0.45.tgz
Initial MySQL setup steps for running on OpenBSD. First create the default database:
/usr/local/bin/mysql_install_db
Increase the kernel limit of open files by making the following modification to /etc/sysctl.conf.
echo "kern.maxfiles=4096" >> /etc/sysctl.conf
To automatically start MySQL during system boot append to /etc/rc.local. You will have to edit the file at /etc/rc.local in this case. At the bottom of the file, add the contents shown here.
#Added to start MySQL during boot.
if [ -x /usr/local/bin/mysqld_safe ]; then
	su -c mysql root -c '/usr/local/bin/mysqld_safe --log-error >/dev/null 2>&1 &'
	mkdir -p /var/run/mysql
	ln -s /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock
	echo -n ' mysql'
	sleep 5
	echo ' done'
fi
To make the above entry into /etc/rc.local work properly, we'll need to add to the /etc/login.conf and then rebuild the login.conf.db as described here:
First open /etc/login.conf and add:
# MySQL class
mysql:
	:openfiles-cur=1024:
	:openfiles-max=2048:
	:tc=daemon:
Then rebuild the login.conf with:
cap_mkdb /etc/login.conf
Fix some permissions issues so that we can get mysqld started and set a password.
mkdir -p /var/run/mysql
chown -R _mysql /var/run/mysql
Manually start the MySQL daemon for purposes of completing the install.
su -c mysql root -c '/usr/local/bin/mysqld_safe'
/usr/local/bin/mysqladmin -u root password 'secret-pass'
/usr/local/bin/mysqladmin -u root -h centaur.sci-fer.com password 'secret-pass'
Now that MySQL is installed, it's time to configure it specifically for our purposes. Shutdown the MySQL daemon.
mysqladmin shutdown -p
<enter MySQL root password>
Next copy the configuration file we'll be using.
cp /usr/local/share/mysql/my-large.cnf /etc/my.cnf
Now do some preparatory steps for our my.cnf file.
mkdir -p /var/www/var/run/mysql
chown _mysql._mysql /var/www/var/run/mysql
Next step is to configure the MySQL daemon such that it injects the socket in the proper location. To do this we need to make two subtle modifications. First change the client section in /etc/my.cnf from this:
[client]
#password = your_password
port = 3306
socket = /var/run/mysql/mysql.sock
To this:
[client]
#password = your_password
port = 3306
socket = /var/www/var/run/mysql/mysql.sock
Likewise, the mysqld section needs to be changed from this:
# The MySQL server
[mysqld]
Now we have a clean slate. Check for something very similar to the following output.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
+--------------------+
2 rows in set (0.00 sec)
mysql> quit;
Snort Installation
Before we create the Snort database we build and install Snort from ports. To do that follow these steps.
cd /usr/ports/net/snort
export FLAVOR=mysql
make install
NOTE: At the end of the compile it states how to invoke Snort properly.
--start of snip--
snort-2.6.0.2p1-mysql: complete
--- snort-2.6.0.2p1-mysql -------------------
An up-to-date set of rules is needed for Snort to be useful as an IDS.
Oinkmaster Installation
Next we'll install the Oinkmaster package to maintain our Snort rules files. Run the `make install` from ports after setting the FLAVOR environment variable back to null.
export FLAVOR=
cd /usr/ports/net/oinkmaster
make install
Now you will probably want to register with Snort to have Oinkmaster keep your rules up to date. Register at https://www.snort.org/pub-bin/register.cgi. Here is a snippet from the oinkmaster.conf file which explains this requirement.
--start of snip--
# As of March 2005, you must register on the Snort site to get access
# to the official Snort rules. This will get you an "oinkcode".
# You then specify the URL as
# http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/<filename>
# For example, if your code is 5a081649c06a277e1022e1284b and
snapshot-2.6.tar.gz
Save the file and then give it a test by running Oinkmaster manually.
cd /etc/snort/rules
oinkmaster -o .
You should now have the rules files populated in the /etc/snort/rules directory. To check this, list the files in that directory. You will see the files containing signatures if Oinkmaster is working properly.
ls
To learn more about Oinkmaster it is recommended that you read the documentation, specifically the README file located on this page: http://oinkmaster.sourceforge.net/readme.shtml
NOTE: At the time of this writing, there appears to be something wrong with the syntax of the telnet rules so you may need to remove that rule or otherwise fix the
Barnyard to take the unified output from Snort and insert it into the MySQL database.
cd /usr/local/share
wget http://www.snort.org/dl/barnyard/barnyard-0.2.0.tar.gz
tar -xvzf barnyard-0.2.0.tar.gz
rm barnyard-0.2.0.tar.gz
cd barnyard-0.2.0
To prevent the loss of MySQL connection(s), we need to patch the Barnyard source before compiling it.
cd barnyard-0.2.0
Now edit the file named "src/output-plugins/op_acid_db.c" by adding the following just before a line containing: "while(mysql_ping(mysql) != 0)"
mysql->reconnect=1;
The final function should look exactly like this:
--start of snip--
int MysqlExecuteQuery(MYSQL *mysql, char *sql)
{
    int mysqlErrno;
    int result;
            while(mysql_ping(mysql) != 0)
            {
                if(BarnyardSleep(15))
                    return result;
            }
            LogMessage("Reconnected to MySQL server.\n");
        }
        else
        {
            /* XXX we could spin here, but we do not */
            LogMessage("MySQL Error(%i): %s\n", mysqlErrno, mysql_error(mysql));
        }
    }
    return result;
}
--end of snip--
Ok now we're clear to compile Barnyard.
./configure --enable-mysql
make
make install
cp /usr/local/share/barnyard-0.2.0/etc/barnyard.conf /etc/snort/
Integration
Now we need to integrate many of the applications we have
installed thus far.
cd /etc/snort
"var HOME_NET [192.168.1.0/24,192.168.0.3]"
Also Change:
"var EXTERNAL_NET any"
to:
"var EXTERNAL_NET !$HOME_NET"
To make Snort send alerts through Barnyard we uncomment the
following lines:
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128
Such that they look like this:
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
Save your snort.conf changes and exit your favorite editor.
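The snort.conf edits above are easy to get subtly wrong by hand (EXTERNAL_NET left at "any", or one of the unified output lines still commented out), and Snort will start happily either way. The script below is an added example, not from the paper: it applies the same four edits with sed and then verifies them. The miniature snort.conf it works on is constructed for the demo; OpenBSD's sed has no -i, so edits go through a temporary file.

```shell
#!/bin/sh
# Added example (not from the paper): the four snort.conf edits from the Integration
# section applied with sed, then verified so a hand-editing slip cannot go unnoticed.

# edit_in_place FILE SED_EXPR : portable in-place edit (no reliance on sed -i)
edit_in_place() {
    sed -e "$2" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# configure_snort FILE HOME_NET : set HOME_NET, derive EXTERNAL_NET, enable unified output
configure_snort() {
    edit_in_place "$1" "s|^var HOME_NET .*|var HOME_NET $2|"
    edit_in_place "$1" 's|^var EXTERNAL_NET .*|var EXTERNAL_NET !$HOME_NET|'
    edit_in_place "$1" 's|^# *output alert_unified:|output alert_unified:|'
    edit_in_place "$1" 's|^# *output log_unified:|output log_unified:|'
}

# verify_snort FILE : 0 only if every expected line is present and uncommented
verify_snort() {
    grep -q '^var EXTERNAL_NET !\$HOME_NET$' "$1" || return 1
    grep -q '^output alert_unified: filename snort.alert, limit 128$' "$1" || return 1
    grep -q '^output log_unified: filename snort.log, limit 128$' "$1" || return 1
    ! grep -q '^var EXTERNAL_NET any' "$1"
}

# home_net FILE : print the HOME_NET value currently defined in FILE
home_net() {
    sed -n 's|^var HOME_NET ||p' "$1"
}

# Demo on a constructed miniature snort.conf; point it at /etc/snort/snort.conf for real use.
demo=$(mktemp)
cat > "$demo" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128
EOF
configure_snort "$demo" '[192.168.1.0/24,192.168.0.3]'
verify_snort "$demo" && echo "HOME_NET is now $(home_net "$demo")"
rm -f "$demo"
```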
Now we'll need to make two configuration files. One for the first bridge and the other for the second bridge.
First let's make barnyard-bridge0.conf
cd /etc/snort/
cp barnyard.conf barnyard-bridge0.conf
Now make the following modifications:
Change:
# config daemon
to this
config daemon
Change:
#config localtime
to this
config localtime
Change:
config interface: fxp0