Lecture 7 Flashcards

1
Q

?

is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operation of a system with, almost always, the intent to do malicious harm.

Identify

A

Intrusion

2
Q

?

activities that deter an intrusion

Identify

A

Intrusion prevention

3
Q

?

procedures and systems that identify system intrusions

Identify

A

Intrusion detection

4
Q

?

Activities that finalize the restoration of operations to a normal state

Identify

1/2 ?

A

Intrusion correction

5
Q

?

Activities that seek to identify the source & method of attack for prevention

Identify

2/2 ?

A

Intrusion correction

6
Q

?

Intrusion prevention systems

Identify

Intrusion Detection Systems

A

Extension

7
Q

?

indication that an attack is happening

Identify

IDPS Terminology

A

Alarm or alert

8
Q

?

attacker changes the format and/or timing of activities to avoid being detected

Identify

IDPS Terminology

A

Evasion

9
Q

?

event that triggers an alarm when there is no real attack

Identify

IDPS Terminology

A

False attack stimulus

10
Q

?

failure of the IDPS to react to an attack

Identify

IDPS Terminology

A

False negative

11
Q

?

alarm activates in the absence of an actual attack

Identify

IDPS Terminology

A

False positive

12
Q

?

alarm events that are accurate but do not pose threats

Identify

IDPS Terminology

A

Noise

13
Q

?

rules & configuration guidelines governing the implementation & operation of the IDPS

Identify

IDPS Terminology

A

Site policy

14
Q

?

ability to dynamically modify configuration in response to environmental activity

Identify

IDPS Terminology

A

Site policy awareness

15
Q

?

event that triggers an alarm in the event of a real attack

Identify

IDPS Terminology

A

True attack stimulus

16
Q

?

adjusting an IDPS

Identify

IDPS Terminology

A

Tuning

17
Q

?

measure of an IDPS's ability to correctly detect & identify types of attacks

Identify

IDPS Terminology

A

Confidence value

18
Q

?

classification of IDPS alerts

Identify

IDPS Terminology

A

Alarm filtering

19
Q

?

grouping almost identical alarms happening at close to the same time

Identify

IDPS Terminology

A

Alarm clustering and compaction

20
Q

?

Prevent problem behaviors by increasing the perceived risk of discovery and punishment

Identify

1/6 ?

A

IDS (Intrusion Detection Systems)

21
Q

?

Detect attacks and other security violations

Identify

2/6 ?

A

IDS (Intrusion Detection Systems)

22
Q

?

Detect and deal with preambles to attacks

Identify

3/6 ?

A

IDS (Intrusion Detection Systems)

23
Q

?

Document the existing threat to an organization

Identify

4/6 ?

A

IDS (Intrusion Detection Systems)

24
Q

?

Act as quality control for security design & administration

Identify

5/6 ?

A

IDS (Intrusion Detection Systems)

25
25
Q

?

Provide useful information about intrusions that take place

Identify

6/6 ?

A

IDS (Intrusion Detection Systems)

26
Q

?

(2) Types of IDS

Enumerate

A

* Network-based
* Host-based

27
Q

?

* Focused on protecting network information assets
* Wireless
* Network behavior analysis

Identify

1/2 Types of IDS

A

Network-based

28
Q

?

Focused on protecting a server's or host's information assets

Identify

2/2 Types of IDS

A

Host-based

29
Q

?

Resides on a computer or appliance connected to a segment of the organization's network

Identify

Types of IDS - 1/6 ?

A

Network-Based

30
Q

?

Monitors network traffic on the segment

Identify

Types of IDS - 2/6 ?

A

Network-Based

31
Q

?

Monitors packets

Identify

Types of IDS - 3/6 ?

A

Network-Based

32
Q

?

Monitoring port (switched port analysis)

Identify

Types of IDS - 4/6 ?

A

Network-Based

33
Q

?

Looks for attack patterns

Identify

Types of IDS - 5/6 ?

A

Network-Based

34
Q

?

Compares measured activity to known signatures

Identify

Types of IDS - 6/6 ?

A

Network-Based

35
Q

?

packet structure

Identify

Types of IDS - Compares measured activity to known signatures - 1/2 ?

A

Protocol verification

36
Q

?

packet use

Identify

Types of IDS - Compares measured activity to known signatures - 2/2 ?

A

Application verification

37
Q

?

(2) Forms of attack that are not easily discerned

Enumerate

A

* Fragmented packets
* Malformed packets

38
Q

?

Monitors and analyzes wireless network traffic

Identify

1/3 ?

A

Wireless NIDPS

39
Q

?

Looks for potential problems with the wireless protocols

Identify

2/3 ?

A

Wireless NIDPS

40
Q

?

Cannot evaluate & diagnose issues with higher-level layers

Identify

3/3 ?

A

Wireless NIDPS

41
Q

?

(5) Issues associated with implementation

Enumerate

Wireless NIDPS

A

* Physical security
* Sensor range
* Access point and wireless switch locations
* Wired network connections
* Cost

42
Q

?

Resides on a particular computer or server & monitors traffic only on that system

Identify

Types of IDS - 1/6 ?

A

Host-Based
43
# **?** **Resides on a particular computer** or server & **monitors traffic only on that system** | Identify ## Footnote Types of IDS - 1/6 ?
Host-Based
44
# **?** Also known as **system integrity verifiers** | Identify ## Footnote Types of IDS - 2/6 ?
Host-Based
45
# **?** Works on **principle of configuration** and change management | Identify ## Footnote Types of IDS - 3/6 ?
Host-Based
46
# **?** **Classifies files in categories** & applies various notification actions **based on rules** | Identify ## Footnote Types of IDS - 4/6 ?
Host-Based
47
# **?** **Maintains own** log file | Identify ## Footnote Types of IDS - 5/6 ?
Host-Based
48
# **?** Can **monitor multiple computers simultaneously** | Identify ## Footnote Types of IDS - 6/6 ?
Host-Based
49
# **?** **Examines application** for abnormal events | Identify ## Footnote 1/5 ?
Application Based
50
# **?** Tracks interaction between users and **applications** | Identify ## Footnote 2/5 ?
Application Based
51
# **?** Able to **tract specific activity back to individual user** | Identify ## Footnote 3/5 ?
Application Based
52
# **?** Able to **view encrypted data** | Identify ## Footnote 4/5 ?
Application Based
53
# **?** Can **examine encryption/decryption process** | Identify ## Footnote 5/5 ?
Application Based
54
# **?** Two dominate methodologies | Identify ## Footnote IDS Methodologies
* Signature-based (knowledge-based) * Statistical-anomaly approach
55
# **?** * Examines data traffic in search of patterns that match **known signature** * Widely used * **Signature database** must be continually updated * Attack time-frame **sometimes problematic** | Identify ## Footnote 1/2 IDS Methodologies
Signature Based
56
# **?** Based on **frequency** on which network activities take place | Identify ## Footnote 2/2 IDS Methodologies 1/7 ?
Statistical Anomaly Based
57
# **?** Collect **statistical summaries** of “normal” traffic to form baseline | Identify ## Footnote 2/2 IDS Methodologies 2/7 ?
Statistical Anomaly Based
58
# **?** **Measure** current traffic against baseline | Identify ## Footnote 2/2 IDS Methodologies 3/7 ?
Statistical Anomaly Based
59
# **?** **Traffic outside** baseline will **generate alert** | Identify ## Footnote 2/2 IDS Methodologies 4/7 ?
Statistical Anomaly Based
60
# **?** Can **detect new type of attacks** | Identify ## Footnote 2/2 IDS Methodologies 5/7 ?
Statistical Anomaly Based
61
# **?** **Requires much more overhead** and processing capacity | Identify ## Footnote 2/2 IDS Methodologies 6/7 ?
Statistical Anomaly Based
62
# **?** **May not detect minor changes** to baseline | Identify ## Footnote 2/2 IDS Methodologies 7/7 ?
Statistical Anomaly Based
63
# **?** Similar to NIDS | Identify ## Footnote 1/5 ?
Log file Monitors
64
# **?** Reviews **logs** | Identify ## Footnote 2/5 ?
Log file Monitors
65
# **?** Looks for patterns & signatures in **log files** | Identify ## Footnote 3/5 ?
Log file Monitors
66
# **?** Able to look at **multiple log files** from different systems | Identify ## Footnote 4/5 ?
Log file Monitors
67
# **?** **Large storage requirement** | Identify ## Footnote 5/5 ?
Log file Monitors
68
# **?** **Vary according to organization policy**, objectives, and system capabilities | Identify ## Footnote 1/3 ?
Responses to IDS
69
# **?** **Administrator must be careful** not to increase the problem | Identify ## Footnote 2/3 ?
Responses to IDS
70
# **?** **Responses** active or passive | Identify ## Footnote 3/3 ?
Responses to IDS
71
# **?** **??** **???** (3) Control Strategies | Enumerate
* Centralized * Partially distributed * Fully distributed
72
# **?** * All IDS control functions are implemented and managed in a **centralized location** * **1 management system** | Identify ## Footnote 1/3 Control Strategies
Centralized
73
# **?** **Opposite of centralized** | Identify ## Footnote 2/3 Control Strategies 1/3 ?
Fully Distributed
74
# **?** All control functions applied at the **physical location of each IDS component** | Identify ## Footnote 2/3 Control Strategies 2/3 ?
Fully Distributed
75
# **?** * **Each sensor/agent** is best configured to **deal with its own environment** * Reaction to attacks sped up | Identify ## Footnote 2/3 Control Strategies 3/3 ?
Fully Distributed
76
# **?** Individual agents **respond to local threats** | Identify ## Footnote 3/3 Control Strategies 1/3 ?
Partially Distributed Control
77
# **?** Report to a **hierarchical central facility** | Identify ## Footnote 3/3 Control Strategies 2/3 ?
Partially Distributed Control
78
# **?** One of the **more effective methods** | Identify ## Footnote 3/3 Control Strategies 3/3 ?
Partially Distributed Control
79
# **?** **Decoy** systems | Identify ## Footnote 1/3 ?
Honey Pots
80
# **?** **Lure potential attackers away** from critical systems | Identify ## Footnote 2/3 ?
Honey Pots
81
# **?** **Encourages attacks against themselves** | Identify ## Footnote 3/3 ?
Honey Pots
82
# **?** **Collection of honey pots** | Identify ## Footnote 1/4 ?
Honey Net
83
# **?** **Connects honey pots** on a **subnet** | Identify ## Footnote 2/4 ?
Honey Net
84
# **?** Contains **pseudo-services** the **emulated well-known services** | Identify ## Footnote 3/4 ?
Honey Net
85
# **?** **Filled with factious information** | Identify ## Footnote 4/4 ?
Honey Net
86
# **?** Protected honey pot | Identify ## Footnote 1/3 ?
Padded Cell
87
# **?** **IDS detects attacks** and **transfers to simulated environment** | Identify ## Footnote 2/3 ?
Padded Cell
88
# **?** **Monitors action of attacker** | Identify ## Footnote 3/3 ?
Padded Cell
89
# **?** Detect intrusion and **trace incident back** | Identify ## Footnote 1/3 ?
Trap and Trace Systems
90
# **?** **Consist of honey pot** or **padded cell** & alarm | Identify ## Footnote 2/3 ?
Trap and Trace Systems
91
# **?** Similar to concept of **caller ID** | Identify ## Footnote 3/3 ?
Trap and Trace Systems
92
# **?** Considered unethical | Identify ## Footnote Trap and Trace Systems
Back-hack
93
# **?** Legal drawbacks to trap and trace | Identify ## Footnote Trap and Trace Systems
Enticement and entrapment
94
# **?** **Help find vulnerabilities in system**, holes in security components, and unsecure aspects of the network | Identify ## Footnote 1/3 ?
Scanning and Analysis Tools
95
# **?** Allow system admin to **see what the attacker sees** | Identify ## Footnote 2/3 ?
Scanning and Analysis Tools
96
# **?** May **run into problems with ISP** | Identify ## Footnote 3/3 ?
Scanning and Analysis Tools
97
# **?** **??** **???** **????** **?????** (5) Scanning and Analysis Tools | Enumerate ## Footnote Scanning and Analysis Tools
* Port scanners * Firewall analysis tools * Operating system detection tools * Vulnerability scanners * Packet sniffers
98
# **?** – validation of users identity | Identify ## Footnote Access Control Tools
Authentication
99
# **?** **??** **???** **????** 4 general ways carried out | Enumerate ## Footnote Access Control Tools
* What he knows * What he has * Who he is * What he produces