If you have not done so$,$ complete the weekly lab and save your screenshots in the Assignment Template $($linked in Resources$).$ Briefly describe what you learned from or observed in the lab and include it in the section with your screenshots in the Assignment Template. Be specific.

Complete the following:

Part $1$

Imagine the Anchor Hospital IDS is sending the following alert to the administration console with unexpected frequency $($every two minutes$)$:

$2019-02-1514$:$33$:$18\mathrm{.}528[1$:$19559$:$5]$ INDICATOR$-$SCAN Denial of service attempt $[$Classification: activity$][$Priority: $1]\{$TCP$\}200\mathrm{.}200\mathrm{.}200\mathrm{.}11$:$64757->192\mathrm{.}168\mathrm{.}128\mathrm{.}157$:$22$

Due to the abnormally high volume $($and the fact that the IDS was recently reconfigured$),$ you suspect that your IDS may be returning false alerts.

Describe investigative actions that would confirm or deny your suspicion.

Part $2$

Imagine that you determine that the high number of alerts was not false but a denial of service $($DoS$)$ attack.

Identify two controls to mitigate the attack and explain why each is appropriate.

Part $3$

You now recognize the importance of network monitoring and are concerned about the possibility of internal attacks as well.

Explain where you chose to place the IDS agent or agents on the network to maximize effectiveness against internal attacks.

Update your network diagram to reflect the position of each IDS agent and add it to the template.