Lecture 10 Flashcards
What is IDS?
Intrusion Detection System - monitors network traffic or host activity, detects suspected attacks and raises alerts; it does not block.
An IDS is passive and sits out of band (e.g. on a tap or SPAN port), so a missed or delayed alert still lets the attack through.
What is IPS?
Intrusion Prevention System - detects attacks and actively blocks them (drops packets, resets connections, blocks the source).
An IPS sits inline in the traffic path, so it can stop an attack in progress, but a false positive then blocks legitimate traffic, and the device itself becomes a latency and availability risk.
What is signature-based detection?
Matches traffic or events against a database of known attack patterns (byte sequences, regular expressions, rule conditions).
Precise and low on false positives for known threats, but it cannot detect a novel attack, or a known one that has been encoded or obfuscated to avoid the signature, and it needs constant rule updates.
What is anomaly-based detection?
Builds a baseline of normal behaviour (traffic volume, protocols, request sizes, user activity) and flags significant deviations from it.
It can catch previously unseen attacks, but it produces more false positives, and an attacker who is already active while the baseline is learned gets absorbed into "normal".
What is a false positive?
Legitimate activity incorrectly flagged as malicious.
Too many false positives waste analyst time and cause alert fatigue; on an IPS they also block legitimate traffic.
What is a false negative?
A real attack that the system fails to flag.
False negatives are the more dangerous error, because the attack proceeds unnoticed; tuning that reduces false positives (raising thresholds, disabling noisy rules) tends to increase them.
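Added example for the signature-based, anomaly-based, false-positive and false-negative cards above (not part of the lecture): a toy signature engine that understands a small subset of Snort rule syntax, a toy anomaly detector that learns a "normal" request-URL length from a baseline, and a scorer that counts true/false positives and negatives for each detector and for their union. The access-log lines, the two rules and the ground-truth labels are all constructed for this example; the sids, addresses and threshold multiplier are arbitrary assumptions.

```python
import re
import statistics

# Combined-log-format line: src ident user [time] "METHOD path HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>.*?) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed baseline lines: a quiet period assumed to contain only benign traffic.
BASELINE_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.6 - - [10/Oct/2023:13:55:40 +0000] "GET /about HTTP/1.1" 200 300',
    '10.0.0.5 - - [10/Oct/2023:13:55:41 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
    '10.0.0.7 - - [10/Oct/2023:13:55:45 +0000] "GET /css/site.css HTTP/1.1" 200 900',
    '10.0.0.8 - - [10/Oct/2023:13:55:50 +0000] "GET /contact HTTP/1.1" 200 400',
    '10.0.0.6 - - [10/Oct/2023:13:55:55 +0000] "GET /products?id=42 HTTP/1.1" 200 700',
    '10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /login HTTP/1.1" 200 350',
    '10.0.0.5 - - [10/Oct/2023:13:56:04 +0000] "GET /blog/2023/10/post-1 HTTP/1.1" 200 1500',
]

# Constructed test lines with a hand-made ground-truth label (True = attack).
# A real IDS never gets this label; it exists only so the example can be scored.
TEST_LINES = [
    ('10.0.0.5 - - [10/Oct/2023:13:57:00 +0000] "GET /index.html HTTP/1.1" 200 512', False),
    ('10.0.0.9 - - [10/Oct/2023:13:57:02 +0000] "GET /p?id=1%27OR%201%3D1 HTTP/1.1" 200 700', True),
    ('10.0.0.9 - - [10/Oct/2023:13:57:05 +0000] "GET /../../etc/passwd HTTP/1.1" 403 0', True),
    ('10.0.0.7 - - [10/Oct/2023:13:57:10 +0000] "GET /login?user=\' or 1=1-- HTTP/1.1" 200 0', True),
    ('10.0.0.6 - - [10/Oct/2023:13:57:12 +0000] "GET /blog/2023/10/post-1'
     '?utm_source=newsletter&utm_medium=email&utm_campaign=autumn HTTP/1.1" 200 1500', False),
    ('10.0.0.9 - - [10/Oct/2023:13:57:20 +0000] "GET /api/v1/upload?name=' + "A" * 60
     + ' HTTP/1.1" 500 0', True),
]

# Signature rules in a Snort-like subset: header, then msg/content/nocase/sid options.
# Real Snort normalises the URI before matching; this toy matches the raw path,
# which is exactly why the URL-encoded SQL injection above slips past it.
RULES = [
    'alert tcp any any -> any 80 (msg:"Directory traversal"; content:"../"; sid:1000001;)',
    "alert tcp any any -> any 80 (msg:\"SQLi tautology\"; content:\"' OR 1=1\"; nocase; sid:1000002;)",
]
RULE_RE = re.compile(r'^alert \S+ \S+ \S+ -> \S+ \S+ \((?P<opts>.*)\)$')


def parse_log_line(line):
    """Split one access-log line into its fields; raise on anything unparseable."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def paths_from(lines):
    return [parse_log_line(line)["path"] for line in lines]


def load_events():
    """(request path, is_attack) pairs for the constructed test lines."""
    return [(parse_log_line(line)["path"], is_attack) for line, is_attack in TEST_LINES]


def parse_rule(text):
    """Parse the Snort-like subset used here (no ';' inside content values)."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError(f"unsupported rule: {text!r}")
    opts = {}
    for opt in m.group("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, value = opt.partition(":")
        opts[key.strip()] = value.strip().strip('"') if value else True
    return {"sid": int(opts["sid"]), "msg": opts["msg"],
            "content": opts["content"], "nocase": "nocase" in opts}


def signature_alerts(path, rules):
    """Sids of every rule whose content string occurs in the request path."""
    hits = []
    for rule in rules:
        hay, needle = path, rule["content"]
        if rule["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle in hay:
            hits.append(rule["sid"])
    return hits


def fit_baseline(paths, k=3.0):
    """Anomaly threshold: request paths longer than mean + k*stdev of the baseline."""
    lengths = [len(p) for p in paths]
    return statistics.mean(lengths) + k * statistics.stdev(lengths)


def is_anomalous(path, threshold):
    return len(path) > threshold


def evaluate(verdicts, events):
    """Confusion counts for one detector's verdicts against the labelled events."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for flagged, (_, is_attack) in zip(verdicts, events):
        key = ("tp" if is_attack else "fp") if flagged else ("fn" if is_attack else "tn")
        counts[key] += 1
    return counts


def run_detectors(events, baseline_paths, rules):
    """Score signature-only, anomaly-only and their union (alert if either fires)."""
    threshold = fit_baseline(baseline_paths)
    sig = [bool(signature_alerts(p, rules)) for p, _ in events]
    ano = [is_anomalous(p, threshold) for p, _ in events]
    both = [s or a for s, a in zip(sig, ano)]
    return {"signature": evaluate(sig, events),
            "anomaly": evaluate(ano, events),
            "combined": evaluate(both, events)}


if __name__ == "__main__":
    rules = [parse_rule(r) for r in RULES]
    for name, counts in run_detectors(load_events(), paths_from(BASELINE_LINES), rules).items():
        print(f"{name:9s} {counts}")
```

Running it shows the trade-off the cards describe: the signature engine catches the two attacks it has rules for with no false positives but misses the encoded SQL injection and the novel long-payload request; the anomaly detector catches the novel request but misses the short attacks and flags the long but harmless tracking URL; the union has the best recall and inherits the anomaly detector's false positive.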
What is HIDS?
Host-based IDS - an agent installed on a single host that monitors that host's own activity.
A HIDS watches system and application logs, process activity, file integrity and the host's own network connections, so it can see traffic after decryption and local privilege abuse, but only for that one machine.
What is NIDS?
Network-based IDS - a sensor that inspects traffic passing through a network segment.
A NIDS is placed at a choke point (tap or SPAN port) and covers every device behind it, but it cannot inspect the payload of encrypted traffic and sees nothing that stays on the host.
What is the role of logging in IDS?
Records what the IDS saw: alert, timestamp, source, destination, matched rule and often the triggering packets.
Logs are what analysts use to investigate an alert, reconstruct the attack path after the fact and tune noisy rules; without them an alert is just a notification.
What is real-time monitoring?
Continuous analysis of events as they occur, rather than batch review of logs afterwards.
Real-time monitoring shortens the gap between intrusion and response, and it is what makes inline blocking by an IPS possible at all.
What is Snort?
Widely used open-source network IDS/IPS, originally from Sourcefire and now maintained by Cisco.
Snort inspects packets against a text rule set (each rule has a header with action, protocol, addresses and ports, plus options such as msg, content and sid); it runs out of band as an IDS or inline as an IPS, and its community and commercial rule feeds are a major reason for its adoption.
What is the goal of IDPS?
Detect intrusions, alert on them and, where possible, stop or limit their impact.
An Intrusion Detection and Prevention System combines detection with prevention so that threats are identified early and contained before they cause damage.