Lecture 7 Flashcards
?
is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operation of a system, almost always with the intent to do malicious harm.
Identify
Intrusion
?
activities that deter an intrusion
Identify
Intrusion prevention
?
procedures and systems that identify system intrusions
Identify
Intrusion detection
?
Activities that finalize the restoration of operations to a normal state
Identify
1/2 ?
Intrusion correction
?
Activities that seek to identify the source & method of attack for prevention
Identify
2/2 ?
Intrusion correction
?
Intrusion prevention systems
Identify
Intrusion Detection Systems
Extension
?
: indication that an attack is happening
Identify
IDPS Terminology
Alarm or alert
?
: attacker changes the format and/or timing of activities to avoid being detected
Identify
IDPS Terminology
Evasion
?
: event that triggers an alarm when there is no real attack
Identify
IDPS Terminology
False attack stimulus
?
: failure of an IDPS to react to an attack
Identify
IDPS Terminology
False negative
?
: alarm activates in the absence of an actual attack
Identify
IDPS Terminology
False positive
?
: alarm events that are accurate but do not pose threats
Identify
IDPS Terminology
Noise
?
: rules & configuration guidelines governing the implementation & operation of IDPS
Identify
IDPS Terminology
Site policy
?
: ability to dynamically modify configuration in response to environmental activity
Identify
IDPS Terminology
Site policy awareness
?
: event that triggers alarms in the event of a real attack
Identify
IDPS Terminology
True attack stimulus
?
: adjusting an IDPS
Identify
IDPS Terminology
Tuning
?
: measure of an IDPS's ability to correctly detect & identify types of attacks
Identify
IDPS Terminology
Confidence value
?
: Classification of IDPS alerts
Identify
IDPS Terminology
Alarm filtering
?
: grouping almost identical alarms happening at close to the same time
Identify
IDPS Terminology
Alarm clustering and compaction
?
Prevent problem behaviors by increasing the perceived risk of discovery and punishment
Identify
1/6 ?
IDS (Intrusion Detection Systems)
?
Detect attacks and other security violations
Identify
2/6 ?
IDS (Intrusion Detection Systems)
?
Detect and deal with preambles to attacks
Identify
3/6 ?
IDS (Intrusion Detection Systems)
?
Document the existing threat to an organization
Identify
4/6 ?
IDS (Intrusion Detection Systems)
?
Act as quality control for security design & administration
Identify
5/6 ?
IDS (Intrusion Detection Systems)