Professional Documents
Culture Documents
Monitoring and Logging Network Traffic 3e - Mason Burton
Monitoring and Logging Network Traffic 3e - Mason Burton
Student: Email:
Mason Burton mburton868@ntcc.edu
Page 1 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
14. Make a screen capture showing the updated Pass Lists page.
Page 2 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
28. Make a screen capture showing the active Snort status on the LAN interface.
Page 3 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
38. Make a screen capture showing the ICMP alerts in the Snort Active Log.
17. Make a screen capture showing the pfSense firewall log events in Kiwi Syslog Server.
Page 4 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
17. Make a screen capture showing the active Snort status on the DMZ interface.
20. Make a screen capture showing the Snort GPLv2 Community Rules enabled and "live-
reloading" message.
Page 5 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
Page 6 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
Page 7 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
Page 8 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
Summarize your DMZ breach simulation results, highlighting what you found to be the greatest
concerns from a network monitoring perspective.
After running the DMZ breach simulation with Infection Monkey, I discovered serious problems in the
network. There are lots of weak spots that attackers could exploit. Some systems seem very easy for
attackers to break into. This shows we really need to improve our network security and monitoring to
fix these issues.
Describe any concerns about the structure of the query result or the data elements it contains. What
data fields would you add, remove, or edit to make log analysis more effective?
I'd say personally everything feels right to me however I think making the UI better would be a help
along with minor simplifying
Page 9 of 10
Monitoring and Logging Network Traffic (3e)
Network Security, Firewalls, and VPNs, Third Edition - Lab 06
Write a brief memo to your manager describing Splunk’s usefulness in detecting traces of your
simulated breach. What configuration changes would you recommend? How would you enhance its
functionality?
?Splunk effectively detected breach traces but requires configuration adjustments. ??I recommend fine
tuning alerts, expanding data collection, implementing correlation rules, integrating threat intelligence
feeds, and ensuring regular training and monitoring for enhanced functionality. ?
Page 10 of 10
Powered by TCPDF (www.tcpdf.org)