Read the analysis at the links below: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html Question 3 [20%]


Description

Read the analysis at the links below:

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html

Question 3 [20%]

The ThreatExpert link above describes Gimmiv.A as: “…it could technically be classified as a network-aware trojan that employs functionality of a typical RPC DCOM network-aware worm to attack other hosts in the network.”

Describe your interpretation of the above quote. Focus on the behavior and explain how the code could impact a network. Explain in a few paragraphs what specific techniques you may use to detect the above threat caused by Gimmiv.A. What Snort rule(s) should you use to prevent (or detect) the above threat? You will have to do research to explain your answers sufficiently.

Question 4 [10%]

You learned about covert channels in Week 6. Do you think an IDS like Snort can easily detect a covert channel? For example, can you write an effective set of Snort rules to prevent any information leak through a covert channel? Explain your answer in detail and support your answer with research and documentation.

