Week 9 & 10

Even though the fourteenth week is still a few weeks away, I can already smell the scent of vacation and taste the feeling of finally getting enough rest. Before we can slack off, though, the term has to be wrapped up, and one thing that will help seal the deal is finishing this learning log. Over the past weeks we met our old friend, Cisco Packet Tracer, and played with standard and extended access control lists to build a network that permits or denies traffic for several different protocols.

This time around we discussed the limitations of technical preventive controls. As mentioned on the first day, protection should be layered: prevention, detection, and response. Preventive controls such as firewalls are effective, but not efficient on their own, because of the limited set of actions they can take. Their whole reason for existing boils down to two things: allowing traffic and denying traffic. For example, the APC building allows employees and students to park in the basement. To validate a person's claim to be an APCian, the guard simply observes whether the person is dressed according to the dress code policy. If the person follows the policy, the guard permits access to the parking area. The chink in the armor is that the people allowed to park in the basement are not thoroughly verified as legitimate personnel or students; an intruder could get in by simply blending in with the crowd.

This is where the detection part comes in. To fill the gap that preventive controls leave behind, intrusion detection systems have to step in, especially when the permitted traffic carries any kind of suspicious activity. Snort specializes in real-time traffic analysis and packet logging: it looks for suspicious signatures in traffic and alerts the system by displaying pop-up windows, messages, e-mails, and so on. In the coming weeks we will be configuring Snort and playing around with its variety of rules.
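To make the "prevention allows or denies, detection inspects what was allowed" idea concrete, here is a small added example in Python. It is not part of this log or of the course material, and it is not Snort: the ACL rules, the two signatures, and the sample packets are all constructed for illustration. The preventive layer is an ordered permit/deny list with an implicit deny at the end, like the Packet Tracer ACLs; the detective layer is a simple content match over the payload of every packet the ACL let through, in the spirit of a Snort rule that alerts on a byte pattern.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


# Constructed, hypothetical ACL: ordered (action, source network, destination port)
# rules. First match wins, and anything unmatched is dropped by the implicit deny.
ACL = [
    ("permit", "10.0.0.0/24", 80),
    ("permit", "10.0.0.0/24", 443),
    ("deny",   "10.0.0.0/24", 23),
]


def acl_decision(pkt: Packet) -> str:
    """Preventive layer: return 'permit' or 'deny' for a packet using first-match ACL logic."""
    src = ipaddress.ip_address(pkt.src)
    for action, network, port in ACL:
        if src in ipaddress.ip_network(network) and pkt.dport == port:
            return action
    return "deny"  # implicit deny at the end of every ACL


# Constructed signatures in the spirit of a Snort content match: an alert name and the
# byte pattern whose presence in a payload should raise that alert.
SIGNATURES = {
    "web-path-traversal": b"../../",
    "web-cmd-exe-request": b"cmd.exe",
}


def inspect(pkt: Packet) -> list[str]:
    """Detective layer: return the names of every signature found in the payload."""
    body = pkt.payload.lower()
    return [name for name, pattern in SIGNATURES.items() if pattern.lower() in body]


def process(packets: list[Packet]) -> list[tuple[str, list[str]]]:
    """Run prevention first, then detection on whatever prevention allowed through.

    A permitted packet can still be malicious; that is the gap detection fills.
    """
    results = []
    for pkt in packets:
        decision = acl_decision(pkt)
        alerts = inspect(pkt) if decision == "permit" else []
        results.append((decision, alerts))
    return results


# Constructed sample traffic: a normal web request, a web request that the ACL permits
# but that carries suspicious content, and a telnet attempt that the ACL denies outright.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "192.168.1.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.7", "192.168.1.10", 80,
           b"GET /cgi-bin/../../winnt/system32/cmd.exe HTTP/1.1\r\n"),
    Packet("10.0.0.9", "192.168.1.10", 23, b"login: admin"),
]

if __name__ == "__main__":
    for pkt, (decision, alerts) in zip(SAMPLE_PACKETS, process(SAMPLE_PACKETS)):
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}  {decision:6}  alerts={alerts}")
```

The second sample packet is the point of the exercise: the firewall layer has no reason to deny it (allowed source, allowed port), so only the signature layer notices it. In a real deployment the alert would feed the response layer rather than just a printed line.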
