Module 2: Security Technology: Intrusion Detection and Prevention Systems Flashcards

1
Q

These operate by monitoring network traffic, analyzing it, and providing remediation tactics when malicious behavior is detected.

A

intrusion detection and prevention systems (IDPS)

2
Q

They look for matching behavior or characteristics that would indicate malicious traffic, send out alerts and block attacks.

A

intrusion detection and prevention systems (IDPS)

3
Q

These tools can detect malware, socially engineered attacks and other web-based threats, including DDoS attacks.

A

intrusion detection and prevention systems (IDPS) tools

4
Q

These can provide preemptive intrusion prevention capabilities for internal threats and potentially compromised systems.

A

intrusion detection and prevention systems (IDPS)

5
Q

The primary functions of IDPS solutions can be broken down into four main categories. What are these?

A
  • monitoring
  • alerts
  • remediation
  • maintenance
6
Q

Category of IDPS primary functions

IDPS ____ IT systems using either signature-based or anomaly-based intrusion detection to identify abnormal behavior and known malicious-activity signatures.

A

monitoring

7
Q

Category of IDPS primary functions

After identifying potential threats, IDPS software will log and send out ____ to inform administrators of abnormal activity.

A

alerts

8
Q

Category of IDPS primary functions

IDPS tools provide blocking mechanisms for malicious threats, giving administrators time to take action. In some cases, IT teams may not be required to take action at all after an attack is blocked.

A

remediation

9
Q

Category of IDPS primary functions

Besides monitoring for abnormal behavior, IDPS tools can also monitor the performance of IT hardware and security components with health checks. This ensures a security infrastructure is operating properly at all times.

A

maintenance

10
Q

These are detection and monitoring tools. They do not take action on their own. This requires a human or another system to look at the results.

A

intrusion detection systems (IDS)

11
Q

This is a control system. The control system accepts or rejects a packet based on the ruleset. This requires that the database is regularly updated with new threat data.

A

intrusion prevention system (IPS)

12
Q

What is the similarity of IDS and IPS?

A

They both read network packets and compare the contents to a database of known threats.

13
Q

This sits between the firewall and switch.

A

intrusion prevention system (IPS)

14
Q

This interacts with, and is plugged in directly to, the switch.

A

intrusion detection system (IDS)

15
Q

The types of IDPS can be classified according to ____.

A

The types of IDPS can be classified according to what they are designed to protect.

16
Q

What are the types of IDPS?

A

network-based ID/PS and host-based ID/PS

17
Q

This monitors the inbound and outbound network traffic and detects and prevents intrusions by analyzing network protocol activities.

A

network-based ID/PS

18
Q

This is a software package installed on a host. It monitors the activities of a single host and detects and prevents malicious activities.

A

host-based ID/PS

19
Q

These systems identify potential threats based on built-in rules and profiles.

A

intrusion detection systems (IDS) and intrusion prevention systems (IPS)

20
Q

Intrusion detection systems primarily use two key intrusion detection methods. What are these?

A

signature-based intrusion detection and anomaly-based intrusion detection

21
Q

This is used for threats we already know and have encountered in the past.

A

signature-based intrusion detection

22
Q

This is used to detect changes in behavior.

A

anomaly-based intrusion detection

23
Q

Designed to detect possible threats by comparing given network traffic and log data to existing attack patterns.

A

signature-based intrusion detection

24
Q

These patterns are called ____ (hence the name) and could include byte ____, known as ____.

A

These patterns are called sequences (hence the name) and could include byte sequences, known as malicious instruction sequences.

25
Q

This enables you to accurately detect and identify possible known attacks.

A

signature-based intrusion detection

26
Q

Designed to pinpoint unknown attacks, such as new malware, and adapt to them on the fly using machine learning.

A

anomaly-based intrusion detection

27
Q

Machine learning techniques enable an intrusion detection system (IDS) to create baselines of trustworthy activity—known as a ____—then compare new behavior to verified ____.

A

Machine learning techniques enable an intrusion detection system (IDS) to create baselines of trustworthy activity—known as a trust model—then compare new behavior to verified trust models.

28
Q

False alarms can occur when using this IDS, since previously unknown yet legitimate network traffic could be falsely identified as malicious activity.

A

False alarms can occur when using anomaly-based IDS, since previously unknown yet legitimate network traffic could be falsely identified as malicious activity.