Here’s a list of all our presentations thus far:
| Class # | Date of Class | Powerpoint | Additional Items |
|---|---|---|---|
| 1 | Monday, May 9th | Lecture #1 | Review Videos on Wireshark |
| 2 | Wednesday, May 11th | Lecture #2 | Templates for IRPs |
| 3 | Monday, May 16th | Lecture #3 | Quiz #1 |
| 4 | Wednesday, May 18th | Lecture #4 | Directions to Configure Snort |
| 5 | Monday, May 23rd | Class Cancelled | Submit Wireshark JPEG Assn |
| 6 | Wednesday, May 25th | Installing Snort | Deval’s: snort; Steven Tang’s: Snort |
| 7 | Monday, May 30th | No Class | No Class |
| 8 | Wednesday, June 1st | Lecture #5 | Quiz #2 |
| 9 | Monday, June 6th | Splunk-6.2.3-PivotTutorial | Splunk Book |
| 10 | Wednesday, June 8th | Lecture #6 | Quiz Retake Opportunity* |
| 11 | Monday, June 13th | Lecture #7 | |
| 12 | Wednesday, June 15th | Final Exam | IRP Paper Due |
*After class, students will have the opportunity to take “Quiz #3.” Questions will be from any previous material. Of the THREE (3) Quizzes taken, Professor Deval will take the highest TWO (2) Quiz grades.
Participation Notes:
Full participation credit is contingent on the completion of the following:
- Wireshark Assignment (Extracting Images)
- 3 Weekly Participation Submissions
IRP – Final Paper Notes:
Due: Saturday June 18th 2016 by 12pm
Students are tasked with creating an Incident Response Plan (IRP) template in teams of at most 4 members. There is no page minimum or maximum. Assume any industry. Paper submissions should be sent by each individual student (regardless of a group submission).
Final Exam Notes:
Date: Wednesday, June 15th
Students will select NINE (9) of the TWELVE (12) questions to answer. Students will not be rewarded for answering any more questions.
Time: 90 Minutes
Style: Open-Ended and Open-Note
Final Grade Distribution:
Final grades are broken into four components, each worth 25%:
- Participation (See above)
- Quiz Averages (Average of the highest two quiz grades)
- IRP Final Paper
- Course Final Exam
Here is the Optional Quiz with the answers.
As mentioned in class, here is the contact info for the recruiter for a position in NYC for a penetration tester.
Please note that the gradebook has been updated for quiz 2 and all of the submitted reading summaries.
Get certified for Splunk here: http://www.internet2.edu/blogs/detail/10079
I finally got my Snort working. We have to use the Registered version of the Snort rules from the Snort website. If you are using the latest version of Snort, then you will need to download the snortrules-snapshot-2982.tar.gz rules.
Snort Setup Instructions:
1. Download and install the Snort version 184.108.40.206 .exe
2. Sign in to the Snort website and download the rules (snortrules-snapshot-2982.tar.gz) under the Rules -> Registered section
3. Extract the rules file (snortrules-snapshot-2982.tar.gz) using WinRAR or 7-Zip
4. Copy all files from the extracted snortrules-snapshot-2982 folder to your Snort installation folder, C:\Snort\
NOTE: Overwrite any existing files
5. Edit your snort.conf file, located in c:\snort\etc\, to use your Windows paths
Here is my modified: snort.conf
6. Find your wireless/Ethernet interface number by typing: route print at the command prompt
7. Open a command prompt (cmd.exe) and navigate to the folder “C:\Snort\bin” (at the prompt, type cd c:\snort\bin)
8. To run Snort, enter the following command:
snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 4
Note: My wireless interface number is 4
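Step 5 above (pointing snort.conf at Windows paths) is the step people most often get wrong, and a sensor that cannot find its rules directory is not detecting anything. The following Python script is an added example, not part of the student's post and not Snort's own tooling: it flags every path directive in a snort.conf that is still a relative or Unix-style default and rewrites the var ...PATH entries under an assumed C:\Snort install; the sample config it checks is constructed to look like a stock snort.conf.

```python
import re

# Constructed sample (not from the page): the Unix-style defaults a stock
# snort.conf carries, which must be changed for a C:\Snort installation.
SAMPLE_CONF = """\
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
var WHITE_LIST_PATH c:\\Snort\\rules
var BLACK_LIST_PATH ../rules
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
include $RULE_PATH/local.rules
"""

# 'var XXX_PATH value' lines and the dynamic* library directives.
PATH_VAR = re.compile(r"^(\s*var\s+\w*PATH\s+)(\S+)")
DYNAMIC = re.compile(
    r"^(\s*dynamic(?:preprocessor|detection|engine)\s+(?:directory\s+)?)(\S+)")
WIN_ABS = re.compile(r"^[A-Za-z]:[\\/]")  # e.g. C:\Snort\rules


def check_snort_conf(text):
    """Return (line_no, value, problem) for every path directive that is
    still relative or Unix-style; these are what stop snort.exe loading rules."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PATH_VAR.match(line) or DYNAMIC.match(line)
        if not m:
            continue
        value = m.group(2)
        if not WIN_ABS.match(value):
            findings.append((no, value, "relative or Unix path"))
        elif value.lower().endswith(".so"):
            findings.append((no, value, "Linux shared object; Windows needs a .dll"))
    return findings


def rewrite_var_paths(text, install_dir=r"C:\Snort"):
    """Rewrite '../x' style var paths under install_dir (assumed layout).
    The dynamic* directives are left for manual editing, since the Windows
    library file names differ from the Linux ones."""
    out = []
    for line in text.splitlines():
        m = PATH_VAR.match(line)
        if m and m.group(2).startswith("../"):
            tail = m.group(2)[3:].replace("/", "\\")
            line = m.group(1) + install_dir + "\\" + tail
        out.append(line)
    return "\n".join(out) + "\n"
```

Run check_snort_conf on the rewritten text to confirm only the dynamic* lines remain to be fixed by hand before starting Snort.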
Hi All –
I have a question which I would like your input on: what are some of the ways that organizations' forensics teams use to correspond with their computer incident response teams if they notice collusion between an insider and an external attacker?
Thanks for your input.
Welcome to the Intrusion Detection and Response class. I look forward to meeting all of you next week. You will be able to find the syllabus and a rough schedule at the MIS Community site. I like the course to be fluid so that we can make it effective for the class. If you have any questions prior to the class, please feel free to either post a question or send me an email.
If you don’t mind, please take a moment to introduce yourself so that I can get familiar with your expectations for this class.