Secure computer network data

Carl Williams Jr.
Kaplan University
Management of Information Security
IT540
Dr. K
October 10, 2015

Abstract

Unit III of IT540 is a two-part assignment. Part I is the lab Securing the Network with an Intrusion Detection System (IDS), with screenshots captured in Part 2, Step 19 and Part 3, Steps 3, 5, and 7. This exercise is a Snort lab, a scenario through which students can become familiar with the Snort software. Part II of the assignment consists of five questions for the student to answer. The questions reinforce what the lab showed by highlighting the steps and tools used in network protection.

PART I

Part 1: Jones & Bartlett Lab 10: Securing the Network with an Intrusion Detection System (IDS).

Screen Capture of the Filtered Results
[pic 1]

Alerts Identified by Snort (10/11/2015)
[pic 2]

Abnormal/Unusual Sessions Identified by Snort
[pic 3]

TFTP GET passwd details Screen Capture
[pic 4]

PART II

Hypothetical Break-In

Q1. Listed steps that would be taken and utilities that would be used to determine what servers were compromised.

When a server has been compromised and the Information Security Office has been notified, the office should act by putting the plan for a compromise into effect. This plan can contain the tools and the steps necessary to determine the damage done. The logs should be checked, looking at the command history and the log files in /var/logs. Look at the file dates, permissions (777) and sizes for anything unusual. Check cron jobs, a very popular way for hackers to come back onto a system; look for unusual jobs. Of course, use anti-virus or malware-scanning programs to scan and check for compromise ("Compromised Servers," Dec 21, 2012).

There are tools available for checking a compromised server. One tool that can be used is VirusTotal, a free online virus scanning service that analyzes files and URLs. This site identifies worms, trojans, viruses or other malicious content detected by website scanners or antivirus engines ("VirusTotal," n.d.).

Q2: Properly lists files that would be checked, and utilities that would be utilized for the determination.

It's essential to have a list of files to check and utilities to use when a system has been compromised. Files that should be checked are .dll, .exe, .ocx and system binaries. A free toolkit to use is the Live Forensic Tool (LFT), which consists of trusted files and tools that can be used for computer forensics on Windows computers. The toolkit includes NirSoft's utilities, among them EseInfo, HashMyFiles, CurrProcess, and FoldersReport ("LFT," n.d.).
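
The file and cron checks listed under Q1 (permissions of 777, recent file dates, unusual cron jobs) can be scripted for a Linux server. The following is an added example, not part of the lab or the original paper; the function names, the sample files and the rule for what counts as an "unusual" cron job are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage helpers for the file and cron checks listed in Q1.
# Function names and the cron heuristic are assumptions, not from the lab.

# Regular files under $1 whose mode is exactly 777.
find_mode_777() {
    find "$1" -type f -perm 0777 2>/dev/null | sort
}

# Regular files under $1 modified less than $2 days ago.
find_recent() {
    find "$1" -type f -mtime "-$2" 2>/dev/null | sort
}

# Active (non-comment) lines of crontab file $1 that run from a
# world-writable temp directory or download content (assumed heuristic).
unusual_cron() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" \
        | grep -E '/tmp/|/dev/shm/|(^|[[:space:]/])(curl|wget)[[:space:]]' || true
}

# Build a constructed sample tree so the script runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/www" "$d/cron"
    echo ok > "$d/www/index.html"; chmod 644 "$d/www/index.html"
    touch -t 202001010000 "$d/www/index.html"      # old file, normal mode
    echo x > "$d/www/upload.php"; chmod 777 "$d/www/upload.php"
    printf '%s\n' '# constructed crontab' \
        '0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf' \
        '*/5 * * * * /tmp/job.sh' > "$d/cron/root"
    echo "$d"
}

sample=$(make_sample)
echo "mode 777:";         find_mode_777 "$sample/www"
echo "changed < 7 days:"; find_recent "$sample/www" 7
echo "unusual cron:";     unusual_cron "$sample/cron/root"
rm -rf "$sample"
```

On a real host the same functions would be pointed at the web root, home directories and the system's crontab files, and every hit reviewed by hand, since legitimate jobs can match the heuristic.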