Read the analysis at the links below:

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html

Question 1

The ThreatExpert link above describes Gimmiv.a as: “...it could technically be classified as a network-aware trojan that employs functionality of a typical RPC DCOM network-aware worm to attack other hosts in the network.”

Describe your interpretation of the above quote. Focus on the behavior and explain how the code could impact a network. Explain in a few paragraphs what specific techniques you may use to detect the above threat caused by Gimmiv.a. What Snort rule(s) should you use to prevent (or detect) the above threat? You will have to do research to explain your answers sufficiently.

Question 2

Do you think an IDS like Snort can easily detect a covert channel? For example, can you write an effective set of Snort rules to prevent any information leak through a covert channel? Explain your answer in detail and support your answer with research and documentation.

Note: No plagiarism. Use APA format with in-text citations; all references must be listed.