Domain 6 set 1 Flashcards
5 steps in an attack
- Reconnaissance
- Foot-printing (Mapping the Network) Nmap
- Fingerprinting (port scanning)
- Vulnerability assessment (identifying weaknesses)
- The Attack
Red Team?
ATTACK
Blue Team
Defend
Is an IDS passive or active?
passive
IDS and IPS need what to view traffic?
Port mirroring / SPAN
The interface needs to be in what mode for an IDS?
Promiscuous Mode
Use what IDS type for a single system?
Host-based IDS (HIDS)
Use what IDS type for a network segment?
Network-based IDS (NIDS)
The Analysis Engine on an IDS does what?
Analyzes data collected by the sensor, determines if there is suspicious activity
The 4 parts of an IDS
- Sensors
- Analysis Engine
- Signature Database
- User Interface and reporting
What IDS can decrypt data?
Host-based IDS (HIDS)
A sensor is sometimes called what?
Traffic Collector
The two analysis engines?
- Pattern matching
- Profile matching
Anomaly / behavior detection is what type of analysis engine?
profile matching
Analysis engine that needs a baseline?
profile matching
Analysis engine that detects zero-day attacks?
profile matching
Analysis engine that has a lot of false positives?
profile matching
Analysis engine that needs a subscription from a vendor?
Pattern matching
Analysis engine that detects non-technical attacks?
profile matching
Attacks that target a profile IDS
- Evasion (fly under the RADAR) (lots of small attacks)
- Insertion attacks (against Pattern matching)
Signature-based detection systems are what type of analysis engine?
Pattern matching
Pseudo Flaw?
A loophole placed in an application to entice and trap intruders