Assignment #5 – VPNs, Firewalls, & IDPS
Answer the following questions and explain with as much detail as necessary for each of the concepts.
What will we do?
Describe the three logical components of an IDS.
List some desirable characteristics of an IDS.
An example of a host-based intrusion detection tool is the tripwire program.
This is a file integrity checking tool that scans files and directories on the system on a regular basis and notifies the administrator of any changes. It uses a protected database of cryptographic checksums for each file checked and compares this value with that recomputed on each file as it is scanned. It must be configured with a list of files and directories to check and what changes, if any, are permissible to each. It can allow, for example, log files to have new entries appended, but not for existing entries to be changed.
What are the advantages and disadvantages of using such a tool? Consider the problem of determining which files should only change rarely, which files may change more often and how, and which change frequently and hence cannot be checked.
Consider the amount of work in both the configuration of the program and on the system administrator monitoring the responses generated.
What are the benefits of VPNs? What are the limitations of VPNs – especially in home usage?
List three design goals for a firewall.
How does an IPS differ from a firewall?
Consider the threat of “theft/breach of proprietary or confidential information held in key data files on the system.”
One method by which such a breach might occur is the accidental/deliberate e-mailing of information to a user outside of the organization. A possible countermeasure to this is to require all external e-mail to be given a sensitivity tag (classification if you like) in its subject and for external e-mail to have the lowest sensitivity tag.
Discuss how this measure could be implemented in a firewall and what components and architecture would be needed to do this.
Why are we doing this?
These are complex topics that can take time to hone the skills. These discussions are meant to show that you have a basic understanding of the concepts and that you can critically think through complex topics.
Learning Objectives
This assignment makes use of multiple course objectives
Describe and explain information security threats, vulnerabilities, and attack types.
Identify information security requirements for organizations and systems.
Explain Integral parts of best practices in information security.