Intrusion Detection and Intro to Cryptography (ch8, 2) Flashcards
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
True
To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
True
An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
False
A common location for a NIDS sensor is just inside the external firewall.
True
Network-based intrusion detection makes use of signature detection and anomaly detection.
True
Symmetric encryption is used primarily to provide confidentiality.
True
Two of the most important applications of public-key encryption are digital signatures and key management.
True
The secret key is one of the inputs to a symmetric-key encryption algorithm.
True
The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.
True
Public-key algorithms are based on simple operations on bit patterns.
False
A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
A. host-based IDS
B. security intrusion
C. network-based IDS
D. intrusion detection
A
_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
A. Profile based detection
B. Signature detection
C. Threshold detection
D. Anomaly detection
B
_______ involves the collection of data relating to the behavior of legitimate users over a period of time.
A. Profile based detection
B. Signature detection
C. Threshold detection
D. Anomaly detection
D
A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
A. passive sensor
B. analysis sensor
C. LAN sensor
D. inline sensor
D
The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
A. data source
B. sensor
C. operator
D. analyzer
D