Chapter 8 (Intrusion Detection) Flashcards
3 main classes of intruders
cyber criminals
activists
state sponsored organizations
what are these examples of
intrusion
what are these examples of
intruder behavior
what does intrusion detection monitor and analyze to find warnings of an intrusion
system events
3 different types of intrusion detection systems
host based IDS (HIDS)
network based IDS (NIDS)
distributed/hybrid IDS
how does a host based ids work?
monitors characteristics of a single host for suspicious activity
how does a network based ids work?
monitors network traffic and analyzes network, transport, and app protocols to identify suspicious activity
how does a distributed/hybrid based ids work?
combines info from a number of sensors, both host and network based, and centrally analyzes for intrusion
2 main approaches to analysis for intrusions
anomaly detection
signature/heuristic detection
what is anomaly detection
collects data relating to legit behavior over a period of time
current behavior is analyzed to determine whether it is intruder or legit
what is signature/heuristic detection
scans for a set of known malicious data patterns
3 primary purposes of a host based intrusion detection system
detect intrusions, log suspicious events, send alerts
what are data sources that host based IDS uses
system call traces
audit log records
file integrity checksums
registry access
how does a NIDS work
monitors traffic at selected points on network
examines traffic packets in real time
analyzes traffic patterns
what is Stateful protocol analysis (SPA)