Ch 12 Monitoring and Auditing Flashcards
1
Q
anomaly-based monitoring
A
based on baseline monitoring
2
Q
monitoring tech
A
| Monitoring Methodology | Description |
| --- | --- |
| Signature-based monitoring | Network traffic is analyzed for predetermined attack patterns. These attack patterns are known as signatures. |
| Anomaly-based monitoring | Establishes a performance baseline based on a set of normal network traffic evaluations. Requires a baseline. |
| Behavior-based monitoring | Looks at the previous behavior of applications, executables, and/or the operating system and compares that to current activity on the system. If an application later behaves improperly, the monitoring system will attempt to stop the behavior. Requires a baseline. |