Lecture 7

Question 1

?

is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operation of system with, almost always, the intent to do malicious harm.

Identify

Answer 1

Intrusion

Question 2

?

activities that deter an intrusion

Identify

Answer 2

Intrusion prevention

Question 3

?

procedures and systems that identify sys intrusions

Identify

Answer 3

Intrusion detection

Question 4

?

Activities finalize the restoration of operations to a normal state

Identify

1/2 ?

Answer 4

Intrusion correction

Question 5

?

Activities seek to identify the source & method of attack for prevention

Identify

2/2 ?

Answer 5

Intrusion correction

Question 6

?

Intrusion prevention systems

Identify

Intrusion Detection Systems

Answer 6

Extension

Question 7

?

: indication that attack is happening

Identify

IDPS Terminology

Answer 7

Alarm or alert

Question 8

?

: attacker change the format and/or timing of activities to avoid being detected

Identify

IDPS Terminology

Answer 8

Evasion

Question 9

?

: event triggers alarm – no real attack

Identify

IDPS Terminology

Answer 9

False attack stimulus

Question 10

?

: failure of IDPS to react to attack

Identify

IDPS Terminology

Answer 10

False negative

Question 11

?

: alarm activates in the absence of an actual attack

Identify

IDPS Terminology

Answer 11

False positive

Question 12

?

: alarms events that are accurate but do not pose threats

Identify

IDPS Terminology

Answer 12

Noise

Question 13

?

: rules & configuration guidelines governing the implementation & operation of IDPS

Identify

IDPS Terminology

Answer 13

Site policy

Question 14

?

: ability to dynamically modify config in response to environmental activity

Identify

IDPS Terminology

Answer 14

Site policy awareness

Question 15

?

: event that triggers alarms in event of real attack

Identify

IDPS Terminology

Answer 15

True attack stimulus

Question 16

?

: adjusting an IDPS

Identify

IDPS Terminology

Answer 16

Tuning

Question 17

?

: measure IDPS ability correctly detect & identify type of attacks

Identify

IDPS Terminology

Answer 17

Confidence value

Question 18

?

: Classification of IDPS alerts

Identify

IDPS Terminology

Answer 18

Alarm filtering

Question 19

?

: grouping almost identical alarms happening at close to the same time

Identify

IDPS Terminology

Answer 19

Alarm clustering and compaction

Question 20

?

Prevent problem behaviors by increasing the perceived risk of discovery and punishment

Identify

1/6 ?

Answer 20

IDS (Intrusion Detection Systems)

Question 21

?

Detect attacks and other security violations

Identify

2/6 ?

Answer 21

IDS (Intrusion Detection Systems)

Question 22

?

Detect and deal with preambles to attacks

Identify

3/6 ?

Answer 22

IDS (Intrusion Detection Systems)

Question 23

?

Document existing threat to an organization

Identify

4/6 ?

Answer 23

IDS (Intrusion Detection Systems)

Question 24

?

Act as quality control for security design & administration

Identify

5/6 ?

Answer 24

IDS (Intrusion Detection Systems)

Question 25

?

Provide useful information about intrusions that take place

Identify

6/6 ?

Answer 25

IDS (Intrusion Detection Systems)

Question 26

? ??

(2) Types of IDS

Enumerate

Answer 26

• Network based
• Hot-based

Question 27

?

• Focused on protection network information assets
• Wireless
• Network behavior analysis

Identify

1/2 Types of IDS

Answer 27

Network based

Question 28

?

Focused on protection server of host’s information assets

Identify

2/2 Types of IDS

Answer 28

Host-based

Question 29

?

Resides on computer or appliance connected to an a segment of orgs. network

Identify

Types of IDS - 1/6 ?

Answer 29

Network-Based

Question 30

?

Monitors network traffic on the segment

Identify

Types of IDS - 2/6 ?

Answer 30

Network-Based

Question 31

?

Monitors packets

Identify

Types of IDS - 3/6 ?

Answer 31

Network-Based

Question 32

?

Monitoring port (switched port analysis)

Identify

Types of IDS - 4/6 ?

Answer 32

Network-Based

Question 33

?

Looks for attack patterns

Identify

Types of IDS - 5/6 ?

Answer 33

Network-Based

Question 34

?

Compares measured activity to known signatures

Identify

Types of IDS - 6/6 ?

Answer 34

Network-Based

Question 35

?

packet structure

Identify

Types of IDS - Compares measured activity to known signatures - 1/2 ?

Answer 35

Protocol verification

Question 36

?

packet use

Identify

Types of IDS - Compares measured activity to known signatures - 1/2 ?

Answer 36

Application verification

Question 37

? ??

(2) Forms of attack that are not easily discerned

Enumerate

Answer 37

• Fragmented packets
• Malformed packets

Question 38

?

Monitors and analyzes wireless network traffic

Identify

1/3 ?

Answer 38

Wireless NIDPS

Question 39

?

Looks for potential problems with the wireless protocols

Identify

2/3 ?

Answer 39

Wireless NIDPS

Question 40

?

Cannot evaluate & diagnose issue with higher level layers

Identify

3/3 ?

Answer 40

Wireless NIDPS

Question 41

? ?? ??? ???? ?????

(5) Issues associated with implementation

Enumerate

Wireless NIDPS

Answer 41

• Physical security
• Sensor range
• Access point and wireless switch locations
• Wired network connections
• Cost

Question 42

?

Resides on a particular computer or server & monitors traffic only on that system

Identify

Types of IDS - 1/6 ?

Answer 42

Host-Based

Question 43

?

Resides on a particular computer or server & monitors traffic only on that system

Identify

Types of IDS - 1/6 ?

Answer 43

Host-Based

Question 44

?

Also known as system integrity verifiers

Identify

Types of IDS - 2/6 ?

Answer 44

Host-Based

Question 45

?

Works on principle of configuration and change management

Identify

Types of IDS - 3/6 ?

Answer 45

Host-Based

Question 46

?

Classifies files in categories & applies various notification actions based on rules

Identify

Types of IDS - 4/6 ?

Answer 46

Host-Based

Question 47

?

Maintains own log file

Identify

Types of IDS - 5/6 ?

Answer 47

Host-Based

Question 48

?

Can monitor multiple computers simultaneously

Identify

Types of IDS - 6/6 ?

Answer 48

Host-Based

Question 49

?

Examines application for abnormal events

Identify

1/5 ?

Answer 49

Application Based

Question 50

?

Tracks interaction between users and applications

Identify

2/5 ?

Answer 50

Application Based

Question 51

?

Able to tract specific activity back to individual user

Identify

3/5 ?

Answer 51

Application Based

Question 52

?

Able to view encrypted data

Identify

4/5 ?

Answer 52

Application Based

Question 53

?

Can examine encryption/decryption process

Identify

5/5 ?

Answer 53

Application Based

Question 54

?

Two dominate methodologies

Identify

IDS Methodologies

Answer 54

• Signature-based (knowledge-based)
• Statistical-anomaly approach

Question 55

?

• Examines data traffic in search of patterns that match known signature
• Widely used
• Signature database must be continually updated
• Attack time-frame sometimes problematic

Identify

1/2 IDS Methodologies

Answer 55

Signature Based

Question 56

?

Based on frequency on which network activities take place

Identify

2/2 IDS Methodologies 1/7 ?

Answer 56

Statistical Anomaly Based

Question 57

?

Collect statistical summaries of “normal” traffic to form baseline

Identify

2/2 IDS Methodologies 2/7 ?

Answer 57

Statistical Anomaly Based

Question 58

?

Measure current traffic against baseline

Identify

2/2 IDS Methodologies 3/7 ?

Answer 58

Statistical Anomaly Based

Question 59

?

Traffic outside baseline will generate alert

Identify

2/2 IDS Methodologies 4/7 ?

Answer 59

Statistical Anomaly Based

Question 60

?

Can detect new type of attacks

Identify

2/2 IDS Methodologies 5/7 ?

Answer 60

Statistical Anomaly Based

Question 61

?

Requires much more overhead and processing capacity

Identify

2/2 IDS Methodologies 6/7 ?

Answer 61

Statistical Anomaly Based

Question 62

?

May not detect minor changes to baseline

Identify

2/2 IDS Methodologies 7/7 ?

Answer 62

Statistical Anomaly Based

Question 63

?

Similar to NIDS

Identify

1/5 ?

Answer 63

Log file Monitors

Question 64

?

Reviews logs

Identify

2/5 ?

Answer 64

Log file Monitors

Question 65

?

Looks for patterns & signatures in log files

Identify

3/5 ?

Answer 65

Log file Monitors

Question 66

?

Able to look at multiple log files from different systems

Identify

4/5 ?

Answer 66

Log file Monitors

Question 67

?

Large storage requirement

Identify

5/5 ?

Answer 67

Log file Monitors

Question 68

?

Vary according to organization policy, objectives, and system capabilities

Identify

1/3 ?

Answer 68

Responses to IDS

Question 69

?

Administrator must be careful not to increase the problem

Identify

2/3 ?

Answer 69

Responses to IDS

Question 70

?

Responses active or passive

Identify

3/3 ?

Answer 70

Responses to IDS

Question 71

? ?? ???

(3) Control Strategies

Enumerate

Answer 71

• Centralized
• Partially distributed
• Fully distributed

Question 72

?

• All IDS control functions are implemented and managed in a centralized location
• 1 management system

Identify

1/3 Control Strategies

Answer 72

Centralized

Question 73

?

Opposite of centralized

Identify

2/3 Control Strategies 1/3 ?

Answer 73

Fully Distributed

Question 74

?

All control functions applied at the physical location of each IDS component

Identify

2/3 Control Strategies 2/3 ?

Answer 74

Fully Distributed

Question 75

?

• Each sensor/agent is best configured to deal with its own environment
• Reaction to attacks sped up

Identify

2/3 Control Strategies 3/3 ?

Answer 75

Fully Distributed

Question 76

?

Individual agents respond to local threats

Identify

3/3 Control Strategies 1/3 ?

Answer 76

Partially Distributed Control

Question 77

?

Report to a hierarchical central facility

Identify

3/3 Control Strategies 2/3 ?

Answer 77

Partially Distributed Control

Question 78

?

One of the more effective methods

Identify

3/3 Control Strategies 3/3 ?

Answer 78

Partially Distributed Control

Question 79

?

Decoy systems

Identify

1/3 ?

Answer 79

Honey Pots

Question 80

?

Lure potential attackers away from critical systems

Identify

2/3 ?

Answer 80

Honey Pots

Question 81

?

Encourages attacks against themselves

Identify

3/3 ?

Answer 81

Honey Pots

Question 82

?

Collection of honey pots

Identify

1/4 ?

Answer 82

Honey Net

Question 83

?

Connects honey pots on a subnet

Identify

2/4 ?

Answer 83

Honey Net

Question 84

?

Contains pseudo-services the emulated well-known services

Identify

3/4 ?

Answer 84

Honey Net

Question 85

?

Filled with factious information

Identify

4/4 ?

Answer 85

Honey Net

Question 86

?

Protected honey pot

Identify

1/3 ?

Answer 86

Padded Cell

Question 87

?

IDS detects attacks and transfers to simulated environment

Identify

2/3 ?

Answer 87

Padded Cell

Question 88

?

Monitors action of attacker

Identify

3/3 ?

Answer 88

Padded Cell

Question 89

?

Detect intrusion and trace incident back

Identify

1/3 ?

Answer 89

Trap and Trace Systems

Question 90

?

Consist of honey pot or padded cell & alarm

Identify

2/3 ?

Answer 90

Trap and Trace Systems

Question 91

?

Similar to concept of caller ID

Identify

3/3 ?

Answer 91

Trap and Trace Systems

Question 92

?

Considered unethical

Identify

Trap and Trace Systems

Answer 92

Back-hack

Question 93

?

Legal drawbacks to trap and trace

Identify

Trap and Trace Systems

Answer 93

Enticement and entrapment

Question 94

?

Help find vulnerabilities in system, holes in security components, and unsecure aspects of the network

Identify

1/3 ?

Answer 94

Scanning and Analysis Tools

Question 95

?

Allow system admin to see what the attacker sees

Identify

2/3 ?

Answer 95

Scanning and Analysis Tools

Question 96

?

May run into problems with ISP

Identify

3/3 ?

Answer 96

Scanning and Analysis Tools

Question 97

? ?? ??? ???? ?????

(5) Scanning and Analysis Tools

Enumerate

Scanning and Analysis Tools

Answer 97

• Port scanners
• Firewall analysis tools
• Operating system detection tools
• Vulnerability scanners
• Packet sniffers

Question 98

?

– validation of users identity

Identify

Access Control Tools

Answer 98

Authentication

Question 99

? ?? ??? ????

4 general ways carried out

Enumerate

Access Control Tools

Answer 99

• What he knows
• What he has
• Who he is
• What he produces