Chapter 8 Flashcards

1
Q

One of the most publicized threats to security is the ____

A

Intruder

2
Q
  • Individuals or members of an organized crime group whose goal is financial reward
A

Cyber criminals ( Class of Intruders )

3
Q

Intruders’ activities are

A
  • identity theft
  • theft of financial credentials
  • corporate espionage
  • data theft
  • Data ransoming
4
Q
  • Either individuals, usually working as insiders, or members of a larger group of outsider attackers, who are motivated by social or political causes
  • Also known as hacktivists (often a low skill level)
  • The aim of their attacks is often to promote and publicize their cause
A

Activists ( Class of Intruders )

5
Q
  • Groups of hackers sponsored by governments to conduct espionage or sabotage activities
  • Also known as Advanced Persistent Threats (APTs), due to the covert nature of, and the persistence over extended periods involved in, the attacks in this class
  • These activities are widespread in nature and scope and are carried out by a wide range of countries
A

State-Sponsored Organization ( Class of Intruders )

6
Q
  • Hackers with minimal technical skill who primarily use existing attack toolkits
  • They likely comprise the largest number of attackers, including many criminal and activist attackers
  • Given their use of existing known tools, these attackers are the easiest to defend against
  • Also known as "script kiddies" because they rely on existing scripts (tools) written by others
A

Apprentice

7
Q
  • Hackers with sufficient technical skills to modify and extend attack toolkits to use newly discovered, or purchased, vulnerabilities
  • They may be able to locate new vulnerabilities to exploit that are similar to some already known
  • Hackers with such skills are likely found in all intruder classes
  • They adapt tools for use by others
A
  • Journeyman
8
Q
  • Hackers with high-level technical skills capable of discovering brand new categories of vulnerabilities
  • Write new, powerful attack toolkits
  • Some of the better known classical hackers are of this level
  • Some are employed by state-sponsored organizations
  • Defending against these attacks is of the highest difficulty
A

Master

9
Q

Examples of intrusion

A

Remote root compromise
Web server defacement
Guessing/cracking passwords
Copying databases containing credit card numbers
Viewing sensitive data without authorization
Running a packet sniffer
Distributing pirated software
Using an unsecured modem to access internal network
Impersonating an executive to get information
Using an unattended workstation

10
Q

Intruder behaviour (typical stages of an attack)

A
  • Target acquisition and information gathering
  • Initial access
  • Privilege escalation
  • Information gathering or system exploit
  • Maintaining access
  • Covering tracks
11
Q

A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so

A

Security Intrusion

12
Q

A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner

A
  • Intrusion Detection
13
Q

Kinds of Intrusion Detection System (IDS)

A
  • Host-based IDS
  • Network-based IDS
  • Distributed or hybrid IDS
14
Q

Monitors the characteristics of a single host for suspicious activity

A

Host-based IDS

15
Q

Monitors network traffic and analyzes network, transport, and application protocols to identify suspicious activity

A

Network-based IDS

16
Q

Combines information from a number of sensors, often both host and network based, in a central analyzer that is able to better identify and respond to intrusion activity

A

Distributed or hybrid IDS

17
Q

Intrusion Detection System comprises three logical components

A
  • Sensors (collect data)
  • Analyzers (determine if intrusion has occurred)
  • User-interface (view output or control system behaviour)
18
Q

IDS requirements

A
  • Run continually
  • Be fault tolerant
  • Resist subversion
  • Impose a minimal overhead on system
  • Configured according to system security policies
  • adapt to changes in systems and users
  • Scale to monitor large numbers of systems
  • Provide graceful degradation of service
  • Allow dynamic reconfiguration
19
Q
  • Involves the collection of data relating to the behavior of legitimate users over a period of time, from which a profile of normal behavior is built
  • Currently observed behavior is then compared with that profile to determine whether it is that of a legitimate user or that of an intruder
A

Anomaly approach

20
Q
  • Uses a set of known malicious data patterns (signatures) or attack rules (heuristics) that are compared with current behavior
  • Also known as misuse detection
  • Can only identify known attacks for which it already has patterns or rules
A

Signature/Heuristic detection

21
Q

Analysis approaches (two broad categories):

A
  • Anomaly detection
  • Signature/Heuristic detection

22
Q

Anomaly Detection

A
  • Statistical
  • Knowledge-based
  • Machine learning
23
Q

Analysis of the observed behavior using univariate, multivariate, or time-series statistical models of the observed metrics

A
  • Statistical
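The anomaly approach (card 19) in its simplest statistical form (card 23), as an added worked example that is not part of the original flashcards. It builds a univariate baseline (mean and standard deviation) of one metric per user from a constructed training set, then flags a current observation whose z-score exceeds a threshold. The metric, user names and numbers are all hypothetical.

```python
import statistics

# Constructed training data (hypothetical, not from the page): number of failed
# logins per hour observed for each user during a period of known-legitimate use.
TRAINING = {
    "alice": [0, 1, 0, 2, 1, 0, 1, 1, 0, 2, 1, 0],
    "bob":   [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4],
}


def build_profile(samples, min_sigma=0.5):
    """Univariate statistical profile: (mean, stddev) of the metric per user.

    min_sigma floors the standard deviation so that a user whose history is
    perfectly regular does not turn every small change into an infinite z-score."""
    profile = {}
    for user, values in samples.items():
        mean = statistics.fmean(values)
        sigma = statistics.pstdev(values) if len(values) > 1 else 0.0
        profile[user] = (mean, max(sigma, min_sigma))
    return profile


def z_score(profile, user, observed):
    """How many standard deviations the current observation sits above the baseline."""
    mean, sigma = profile[user]
    return (observed - mean) / sigma


def classify(profile, user, observed, threshold=3.0):
    """'anomaly' if the observation exceeds the user's baseline by more than
    `threshold` sigma, else 'normal'. A user with no profile has no legitimate
    baseline to compare against and is therefore reported as an anomaly."""
    if user not in profile:
        return "anomaly"
    return "anomaly" if z_score(profile, user, observed) > threshold else "normal"


def scan(profile, observations, threshold=3.0):
    """Run the detector over a sequence of (user, observed) windows and return
    the alerts as (user, observed, z) tuples."""
    alerts = []
    for user, observed in observations:
        if classify(profile, user, observed, threshold) == "anomaly":
            z = z_score(profile, user, observed) if user in profile else float("inf")
            alerts.append((user, observed, round(z, 2)))
    return alerts


if __name__ == "__main__":
    profile = build_profile(TRAINING)
    # Constructed "current" windows: the same raw count of 5 is far outside
    # alice's baseline but well inside bob's, which is the whole point of
    # profiling per user rather than using one global threshold.
    current = [("alice", 5), ("bob", 5), ("bob", 7), ("mallory", 1)]
    for alert in scan(profile, current):
        print("ALERT", alert)
```

Note the trade-off the card's definition glosses over: the threshold sets the false-alarm rate directly (3 sigma is arbitrary here), and an intruder who ramps activity slowly enough can pull the baseline along with them if the profile is retrained on unvetted data.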
24
Q

Approaches use an expert system that classifies observed behavior according to a set of rules that model legitimate behavior

A

Knowledge-based

25
Q

Approaches automatically determine a suitable classification model from the training data using data mining techniques

A
  • Machine learning
26
Q
  • Match a large collection of known patterns of malicious data against data stored on a system or in transit over a network
  • The signatures need to be large enough to minimize the false alarm rate, while still detecting a sufficiently large fraction of malicious data
  • Widely used in anti-virus products, network traffic scanning proxies, and in NIDS
A

Signature approaches

27
Q
  • Involves the use of rules for identifying known penetrations, or penetrations that would exploit known weaknesses
  • Rules can also be defined that identify suspicious behavior, even when the behavior is within the bounds of established patterns of usage
  • The rules used are typically specific to a particular attack or weakness
  • Snort is an example of a rule-based NIDS
A

Rule-based heuristic identification
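The signature approach (card 26) and rule-based identification (card 27) together, as an added worked example that is not from the original flashcards or from Snort itself. It is a cut-down Snort-style matcher: each rule has header fields (protocol, destination port) plus a payload test, either a literal byte pattern or a regex, and is applied to constructed sample packets. The rules, sids, addresses and payloads are all hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """A cut-down Snort-style rule: header fields plus a payload test."""
    sid: int
    msg: str
    proto: str                       # "tcp" or "udp"
    dst_port: Optional[int]          # None matches any port
    content: Optional[bytes] = None  # literal byte pattern (like Snort 'content:')
    pcre: Optional[str] = None       # regex over the payload (like Snort 'pcre:')


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: int
    payload: bytes


# Hypothetical rule set. Snort reserves sids below 1,000,000 for its own rules,
# so locally written rules conventionally start at 1000001.
RULES = [
    Rule(1000001, "WEB-ATTACK cmd.exe access attempt", "tcp", 80, content=b"cmd.exe"),
    Rule(1000002, "WEB-ATTACK SQL tautology in request", "tcp", 80,
         pcre=r"(?i)['\"]\s*or\s+1\s*=\s*1"),
    Rule(1000003, "WEB-ATTACK directory traversal", "tcp", 80, content=b"../.."),
]


def rule_matches(rule, pkt):
    """Header fields must match, then every payload test present on the rule."""
    if rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.content is not None and rule.content not in pkt.payload:
        return False
    if rule.pcre is not None and not re.search(rule.pcre, pkt.payload.decode("latin-1")):
        return False
    return True


def scan(packets, rules=RULES):
    """Return (sid, msg, src) for every rule that fires on every packet."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule_matches(rule, pkt):
                alerts.append((rule.sid, rule.msg, pkt.src))
    return alerts


# Constructed sample traffic (not a real capture).
SAMPLE = [
    Packet("tcp", "10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("tcp", "10.0.0.6", "192.0.2.10", 80, b"GET /login?user=admin' OR 1=1-- HTTP/1.1\r\n\r\n"),
    Packet("tcp", "10.0.0.7", "192.0.2.10", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n"),
    # Same traversal, URL-encoded: no rule carries this pattern, so it is missed.
    Packet("tcp", "10.0.0.8", "192.0.2.10", 80, b"GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\n\r\n"),
    # Right payload, wrong port: the header part of the rule does not match.
    Packet("tcp", "10.0.0.9", "192.0.2.10", 8443, b"GET /cmd.exe HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The fourth packet is the card's caveat in action: misuse detection only sees what it has a signature for, and a trivially encoded variant of a known attack slips past a literal pattern. Real NIDS engines add protocol normalization (URL decoding, for instance) before matching for exactly this reason, and signature writers keep patterns long enough that benign traffic rarely triggers them.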

28
Q
  • Adds a specialized layer of security software to vulnerable or sensitive systems
  • Can use either anomaly or signature and heuristic approaches
  • Monitors activity to detect suspicious behavior
A

Host-Based Intrusion Detection (HIDS)

29
Q

The fundamental component of intrusion detection is the sensor that collects data; its placement and the data it draws on are classified as

A

Data Sources and Sensors

30
Q

Common data sources include:

A

System call traces
Audit (log file) records
File integrity checksums
Registry access
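One of the data sources listed above, file integrity checksums, as an added worked example of the host-based approach (card 28); it is not from the original flashcards or from any particular HIDS product. A baseline of SHA-256 hashes is taken over a directory tree, the tree is tampered with in a throwaway temporary directory (constructed sample, nothing real is modified), and a second snapshot is compared against the baseline to report added, removed and modified files.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Baseline database: relative POSIX-style path -> SHA-256 for every regular
    file under root. Symlinks are skipped rather than followed, so swapping a
    file for a symlink to untouched content shows up as a removal, not as unchanged."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = hash_file(full)
    return db


def compare(baseline, current):
    """Classify every path as added, removed or modified relative to the baseline."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "modified": sorted(p for p in base_paths & cur_paths if baseline[p] != current[p]),
    }


def demo():
    """Builds a throwaway tree (constructed sample), takes the baseline, tampers
    with the tree in ways an intruder persisting or covering tracks might, and
    returns the detected differences."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(etc, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        baseline = snapshot(root)

        # Tampering: a second uid-0 account, a deleted file, and a new preload hook.
        with open(os.path.join(etc, "passwd"), "a") as f:
            f.write("eve:x:0:0::/home/eve:/bin/sh\n")
        os.remove(os.path.join(etc, "hosts"))
        with open(os.path.join(etc, "ld.so.preload"), "w") as f:
            f.write("/tmp/evil.so\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The check is only as trustworthy as the baseline: it has to be taken on a known-clean system and stored where an intruder with root on the monitored host cannot rewrite it (off-host, read-only media, or signed), which is the "resist subversion" requirement from card 18 applied to this sensor.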