Q1. When running Snort IDS, why might there be no alerts?
Activation of one of the rules may raise an alarm (alert), as specified in the IDS settings, enable packet logging (log), or simply be ignored (pass). Rule options allow specifying certain contents of the packet (e.g., a specific byte or packet size), as well as the message that is displayed in the log. However, if the IDS is configured incorrectly, it can suppress all logging of alerts; in this case, the user will not receive any alarms while the program runs.

Q2. If we only went to a few web sites, why are there so many alerts?
The IDS detects all, even tiny, changes in network packets (e.g., attempts to “ping” the PC), even those that are completely safe and come from openly used, trusted sites. In consequence, working on the web together with the IDS can create a large number of so-called “empty” alerts. In addition to the rules, Snort IDS allows setting up so-called preprocessors, which scan the traffic before the usual rules start to operate. Preprocessors are especially useful when working with conventional or known traffic, such as port scans and ping packets, which can reduce the speed of processing through the normal rules that require more resources. This also affects the number of alerts.

Q3. What are the advantages of logging more information to the alerts file?
Logging more information in the IDS alert files provides an opportunity to recognize the various threats relevant to a particular user. This keeps the IDS always “in service” against network attacks and provides the user with the most reliable protection.

Q4. What are the disadvantages of logging more information to the alerts file?
However, recording more information in the alert files requires a high level of skill in the use of the IDS and an understanding of the result to be achieved; otherwise, incompetent use can lead to bothersome “empty” alerts, overload the network and the system, and even cause malfunctions.
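As an added illustration of Q1 and Q2 (not part of the original answers), the script below checks which rule actions a Snort rules file actually uses (no `alert` rules means no alarms, only logging or passing) and groups lines from Snort's "fast" alert log by generator and signature id so that noisy rule-engine and preprocessor signatures stand out. The rules and alert lines are constructed samples, and the sid values are assumed local ids.

```python
import re
from collections import Counter

# Constructed sample rules file (not from the page); shows the three rule actions.
SAMPLE_RULES = """
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request"; itype:8; sid:1000001; rev:1;)
log tcp any any -> $HOME_NET 22 (msg:"SSH connection"; flags:S; sid:1000002; rev:1;)
pass tcp $HOME_NET any -> any 443 (msg:"Trusted HTTPS"; sid:1000003; rev:1;)
# alert tcp any any -> $HOME_NET 80 (msg:"Disabled rule"; content:"GET"; sid:1000004; rev:1;)
"""

# Constructed sample lines in Snort's "fast" alert format; gid 122 is the portscan preprocessor.
SAMPLE_ALERTS = """\
01/02-10:00:01.000001  [**] [1:1000001:1] ICMP echo request [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
01/02-10:00:02.000001  [**] [1:1000001:1] ICMP echo request [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
01/02-10:00:03.000001  [**] [1:1000001:1] ICMP echo request [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
01/02-10:00:04.000001  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 10.0.0.9 -> 10.0.0.1
01/02-10:00:05.000001  [**] [1:1000002:1] SSH connection [**] [Priority: 3] {TCP} 10.0.0.7:51000 -> 10.0.0.1:22
"""

RULE_RE = re.compile(r'^\s*(alert|log|pass|drop|reject|sdrop)\s+\S+', re.I)
ALERT_RE = re.compile(r'\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]')


def rule_actions(rules_text):
    """Count rule actions, skipping commented-out rules.
    If 'alert' is absent, Snort only logs or passes traffic and never raises an alarm (Q1)."""
    counts = Counter()
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            counts[m.group(1).lower()] += 1
    return dict(counts)


def alert_summary(alert_text):
    """Group fast-format alerts by gid:sid, most frequent first, so noisy signatures
    can be tuned (Q2). Generator 1 is the rules engine; other gids are preprocessors."""
    by_sig = Counter()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            gid, sid, _rev, msg = m.groups()
            source = "rule" if gid == "1" else "preprocessor"
            by_sig[(f"{gid}:{sid}", msg, source)] += 1
    return by_sig.most_common()


if __name__ == "__main__":
    print(rule_actions(SAMPLE_RULES))
    for (sig, msg, source), n in alert_summary(SAMPLE_ALERTS):
        print(f"{n:4d}  {sig:<12} {source:<13} {msg}")
```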
I am not really sure of the differences between the tracks... I know how they intend to be different, but I know nothing of how it works out. I will see what my current group members think, as I am the only one (of five) that went through the policy path. They now offer the digital forensics path, as well.
Things are extremely arbitrary. I had a rough week in one of my conferences and posted some of my items late. Instead of evaluating them fairly and then deducting a letter grade, they were essentially graded as if they were not done at all. Even though that week is only worth 5% of my grade, that week has single-handedly ruined my possibility of getting an A. I am thinking about bringing it up, because it would change my overall grade by 2%, enough to give me an A by my estimates. For what the school costs, the gamesmanship is quite ridiculous.
I think that the quality of courses is directly impacted by the instructors. For instance, my professor for CSEC 610, who was the toughest grader I have had, travels the world and relates experiences with all of his students; he was extremely knowledgeable and provided relevant feedback. The one exception was my CSEC 635 course, where I loved the course for the content, but the professor was pretty miserable because she provided hardly any feedback (certainly not timely) and was horribly inconsistent. My professor this semester is a bit of an enigma... during the first part of the semester, he seemed to be responsive and provide feedback... and this is when we only had individual assignments, so he was doing more work; now, he simply ignores questions about assignments and they are all group work.
I honestly think that for folks who have work responsibilities and who want more than just a piece of paper, this program is probably not for you. If you want something out of it, as with any program, you have to put a lot in... and based on the syllabus and schedule, you really can't do everything that is outlined if you have any significant responsibilities. I have had conference weeks where the reading assignment was an entire book and a couple of chapters from other books... that is all supposed to be read so that you can do your primary responses by Wednesday; that simply isn't going to happen for most people (speed readers and those without a life are the exceptions). I also don't like how we are going through books and reading chapters piecemeal from different books... I would much prefer that if a semester is going to be focused on 2-3 books (at this point, not textbooks, but early in the program it was textbooks), we focus on one book for a few weeks, and then another, and so on.
I am going to be taking a break from degree seeking work for a while. I am thinking that I may look into some "skill" courses at my local community college, for fun (welding and machining), or try to find a course in German or a physics course. I am intent on getting an MBA, eventually, and I could easily get one through UMUC, since it would only take 18 credit hours with my current work, but I really think that it would be a waste.