Chapter 8


This intruder skill level includes hackers with minimal technical skill who use existing attack toolkits; they comprise the largest number of attackers and are the easiest to defend against

What is Apprentice

This IDS approach involves the use of rules for identifying known penetrations, or penetrations that would exploit known weaknesses; rules can also be defined that identify suspicious behavior, even when the behavior is within the bounds of established patterns of usage

What are Heuristic-based approaches

The purpose of this type of format is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to the management systems that may need to interact with them

What is Intrusion detection exchange format

This intruder skill level includes hackers with sufficient technical skills to modify and extend attack toolkits to use newly discovered or purchased vulnerabilities; they may be able to locate new vulnerabilities to exploit that are similar to some already known, and are found in all intruder classes

What is Journeyman

This intruder skill level includes hackers with high-level technical skills who are capable of discovering brand new categories of vulnerabilities and who write new attack toolkits; it includes the better-known classical hackers and those employed by state-sponsored organizations

What is Master

This IDS approach matches a large collection of known patterns of malicious data against data stored on a system or in transit over a network; the signatures need to be specific enough to minimize the false alarm rate while still detecting a sufficiently large fraction of malicious data

What is Signature based detection

This IDS analysis approach uses a set of known malicious data patterns or attack rules that are compared to current behavior; it can only identify known attacks for which it has patterns or rules, and is also known as misuse detection

What is Signature/Heuristic based detection

This type of intruder is a member of an organized crime group with a goal of financial reward

What is a Cyber Criminal

This type of intruder's activities may include identity theft, theft of financial credentials, corporate espionage, data theft, and data ransoming

What is a Cyber Criminal

This Key element of the functional model includes network packets, operating system audit logs, application audit logs, and system-generated checksum data

What is a Data Source

This key element of the functional model is the raw data that an IDS uses to detect unauthorized or undesired activity.

What is a Data Source

This IDS adds a specialized layer of security software to vulnerable or sensitive systems, and can use either anomaly or signature and heuristic approaches

What is a Host-based intrusion detection system

This type of honeypot consists of a software package that emulates particular IT services or systems well enough to provide a realistic initial interaction, but does not execute a full version of those services or systems.

What is a Low Interaction Honeypot

This type of sensor is a NIC in promiscuous mode that simply listens to all network traffic, and is more efficient

What is a Passive sensor

This key element of the functional model collects data from the data source, and then forwards events to the analyzer

What is a Sensor

This type of intruder consists of groups of hackers sponsored by governments to conduct espionage or sabotage activities, and is also known as an advanced persistent threat

What is a State-Sponsored intruder

This type of HIDS allows us to take the network into consideration, and move beyond the single host

What is a distributed HIDS

This detection system combines information from a number of sensors, often both host and network based, in a central analyzer that is able to better identify and respond to intrusion activity

What is a distributed or hybrid intrusion detection system

This type of honeypot is a real system, with a full O/S, services and applications which are instrumented and deployed where they can be accessed by attackers

What is a high interaction honeypot

This type of honeypot provides a more realistic target that may occupy an attacker for an extended period, but requires significantly more resources and if compromised could be used to initiate attacks on other systems

What is a high interaction honeypot

This decoy system is designed to lure a potential attacker away from critical systems, collect information about the attacker, and encourage the attacker to stay on the system long enough for admins to respond

What is a honeypot

This system is filled with fabricated information that a legitimate user of the system wouldn't access; because its resources have no production value, any incoming communication is most likely a probe, scan, or attack, and any outbound communication suggests the system has been compromised

What is a honeypot

This detection system monitors the characteristics of a single host for suspicious activity

What is a host-based intrusion detection system

This type of honeypot provides a less realistic target, but is often sufficient for use as a component of a distributed IDS to warn of imminent attack

What is a low interaction honeypot

This type of IDS monitors traffic at selected points on a network, and examines traffic packet by packet in real time

What is a network based intrusion detection system

This detection system monitors network traffic and analyzes network, transport, and application protocols to identify suspicious activity

What is a network-based intrusion detection system

This type of intruder is either an individual or a member of a larger group of outsider attackers who are motivated by social or political causes

What is an Activist

This type of intruder has a low skill level, and the aim of their attacks is often to promote and publicize their cause, typically through website defacement, denial of service attacks, and theft and distribution of data

What is an Activist

This key element of the functional model is the ID component or process that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator

What is an Analyzer

The disadvantage of this honeypot is that it has little or no ability to trap internal attackers.

What is an external honeypot

This type of sensor has network traffic pass through it, and doesn't require an additional piece of hardware, just software

What is an inline sensor

The disadvantage of this honeypot is that, if it is compromised, it can be used to attack other internal systems.

What is an internal honeypot

This IDS analysis approach involves collecting data on the behavior of legitimate users over a period of time; currently observed behavior is then analyzed to determine whether it is that of a legitimate user or that of an intruder

What is anomaly-based detection

A honeypot at this location can catch internal attacks, and can also detect a misconfigured firewall that forwards impermissible traffic from the internet to the internal network.

What is behind the firewall

This term refers to a hardware or software function that gathers and analyzes information from various areas within a computer or a network to identify possible security intrusions

What is intrusion detection

This type of anomaly based detection uses an expert system that classifies observed behavior according to a set of rules that model legitimate behavior

What is knowledge based anomaly based detection

This type of anomaly based detection automatically determines a suitable classification model from the training data using data mining techniques

What is machine-learning anomaly based detection

A honeypot deployed in this location is useful for tracking attempts to connect to unused IP addresses within the scope of the network, and does not increase the risk to the internal network

What is outside the external firewall

This term is the unauthorized act of bypassing the security mechanisms of a system

What is security intrusion

This type of anomaly based detection analyzes the observed behavior using univariate, multivariate, or time-series models of observed metrics

What is statistical anomaly based detection

This key element of the functional model has functions that typically include sensor and analyzer configuration, event notification management, data consolidation, and reporting

What is the Manager

This key element of the functional model is the ID component or process from which the operator manages the various components of the IDS

What is the Manager

This key element of the functional model is the human that is the primary user of the IDS manager, and often monitors the output of the IDS and initiates or recommends further action

What is the Operator

This key element of the functional model is the human with overall responsibility for setting the security policy of the organization, and, thus, for decisions about deploying and configuring the IDS

What is the administrator
