Module 12 - Evading IDS, Firewalls, and Honeypots Flashcards
IDS, Firewall, and Honeypot Concepts:
Is a security software or hardware device which inspects all inbound and outbound network traffic for suspicious patterns that may indicate a network or system security breach.
a. HIDS (Hardware Intrusion Detection System)
b. SIDS (Software Intrusiton Detection System)
c. IDS (Intrustion Detection System)
d. TIDS (Timed Intrustion Detection System)
c. IDS (Intrusion Detection System)
IDS, Firewall, and Honeypot Concepts:
- It detects the intrusion based on the fixed behavioral characteristics of the users and componenets in a comuter system.
- Never seen before.
a. Protocol Anomaly Detection
b. Anomaly Detection
c. Signature Recognition
b. Anomaly Detection
IDS, Firewall, and Honeypot Concepts:
- Also known as misuse detection, tries to identify events that indicate an abuse of a system or network resources.
- Known attack
a. Protocol Anomaly Detection
b. Anomaly Detection
c. Signature Recognition
c. Signature Recognition
IDS, Firewall, and Honeypot Concepts:
These mechanisms typically consist of a black box that is placed on the network in a promiscuous mode, listening for patterns indicative of an intrusion.
a. Network-Based IDS
b. Host-Based IDS
c. Time-Based IDS
d. User-Based IDS
a. Network-Based IDS
IDS, Firewall, and Honeypot Concepts:
These mechanisms usually include auditing for events that occur on a specific host.
a. Network-Based IDS
b. Host-Based IDS
c. Time-Based IDS
d. User-Based IDS
b. Host-Based IDS
IDS, Firewall, and Honeypot Concepts:
- Are hardware and/or software designed to prevent unauthorized access to or from a private network.
- They are placed at the junction or gateway between the two networks, which is usually a private network and a public network such as the internet.
- They are the 1st line of defense on a network.
Firewall
IDS, Firewall, and Honeypot Concepts:
_____ host is a computer system designed and configured to protect network resources from attack.
- Anything in a DMZ is considered a _____ host.
a. Multi-homed
b. Screened
c. Bastion
d. Protected
c. Bastion
IDS, Firewall and Honeypot Concepts:
- Is a network that serves as a buffer between the internal secure network and insecure internet.
- It can be created using firewall with three or more network interfaces, assigned with specific roles such as internal trusted network, DMZ network, and external un-trusted network.
DMZ (DeMilitarized Zone)
Reviwed
IDS, Firewall, and Honeypot Concepts:
- Is either a dedicated stand-alone hardware device or it comes as part of a router.
- The network traffic is filtered using the packet filtering technique.
a. Packet Filter Firewall
b. Software Firewall
c. Hardware Firewall
d. Circuit Firewall
c. Hardware Firewall
Comments:
-Packet filtering can be done by software (Ex:iptables)
IDS, Firewall, and Honeypot Concepts:
- Is a software program installed on a computer, just like normal software.
- It is generally used to filter traffic for individual home users.
- Host-Based
a. Packet Filter Firewall
b. Software Firewall
c. Hardware Firewall
d. Circuit Firewall
b. Software Firewall
IDS, Firewall, Honeypot Concepts:
- Work at the network layer of the OSI model (or the IP later of TCP/IP). They are usually a part of a router.
a. Packet Filter Firewall
b. Software Firewall
c. Hardware Firewall
d. Circuit Firewall
a. Packet Filter Firewall
IDS, Firewall, and Honeypot Concepts:
- Is a private network constructed using public networks, such as the internet.
- It is used for the secure transmission of sensitive information over an untrusted network, using encapsulation and encryption.
- IPSec
VPN (Virtual Private Network)
Evading IDS:
Obfuscating means to:
Hide
Evading IDS:
What must you do to a packet so the IDS can’t see inside the packet?
Encrypt it
Evading IDS:
If you want to get a packet through an IDS you need to?
Fragment it
