MODULE 7 Flashcards
1
Q
Intruder behavior steps (in order):
A
- Target acquisition and information gathering
- Initial access
- Privilege escalation
- Information gathering or system exploit
- Maintaining access
- Covering tracks
2
Q
Initial attacks often exploit system or software vulnerabilities to:
A
- Execute code that gives the attacker backdoor access
- Gain access to protected information
3
Q
IDS types:
A
- Host-based
- Network-based
- Distributed or hybrid
3
Q
Requirements of an IDS:
A
- Fault tolerant (survives crashes and restarts without losing state)
- Minimal overhead on the monitored system
- Graceful degradation when components fail
- Adapt to changes in system and user behavior over time
- Run continually with minimal human supervision
- Dynamic reconfiguration without a restart
4
Q
Intrusion detection problems:
A
- False positives: legitimate activity flagged as an intrusion
- False negatives: actual intrusions that go undetected
- Trade-off: tuning to reduce one increases the other, so a workable compromise between the two rates must be chosen
5
Q
IDS analysis approaches:
A
- Anomaly detection: build a profile of normal behavior and flag deviations; can catch novel attacks
- Signature/heuristic (misuse) detection: match against known attack patterns or rules; only catches what is already known
6
Q
IDS signature detection:
A
Matching a large collection of known malicious data patterns (signatures) against data stored on a system or in transit over a network
6
Q
IDS heuristic detection:
A
Using rules or attack patterns that identify known penetrations, or attempts that exploit known weaknesses
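Worked example added to this card set (not from the course or the flashcards' source): a small Python comparison of the two analysis approaches from the cards above, run over constructed HTTP request paths labelled benign or attack so the false positive and false negative counts from the "Intrusion detection problems" card can be tallied. The signature detector matches two constructed patterns; the anomaly detector learns a deliberately simple profile of normal paths (maximum length and maximum share of unusual characters, each with a 2x tolerance) and flags anything outside it. All paths, patterns and thresholds are constructed for this illustration.

```python
"""Signature vs. anomaly detection, run over constructed HTTP request paths.

Added example: all data, patterns and thresholds below are constructed for
illustration and are not taken from any product, rule set or real log.
"""
import re

# Constructed "quiet period" traffic used to learn what normal looks like.
BASELINE_PATHS = [
    "/index.html", "/about", "/products/42", "/login", "/static/app.js",
    "/static/style.css", "/products/7", "/cart", "/search?q=shoes", "/contact",
]

# Constructed test events: (request path, is_attack). The URL-encoded traversal
# is "novel": no signature below knows about it.
EVENTS = [
    ("/products/13", False),
    ("/search?q=winter+boots+size+11", False),
    ("/etc/passwd?x=../../../../etc/passwd", True),
    ("/login?user=admin' OR 1=1--", True),
    ("/cgi-bin/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd", True),
    ("/static/vendor/really-long-minified-bundle.8f3a9c1e2d4b5a6f.js", False),
]

# Signature (misuse) detection: known-bad patterns. Constructed, not Snort's.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*OR\s+1=1", re.IGNORECASE),
}

# Characters considered "ordinary" in a path for the anomaly feature.
ORDINARY = re.compile(r"[A-Za-z0-9/._-]")


def signature_match(path):
    """Return the names of every signature that fires on this path."""
    return [name for name, rx in SIGNATURES.items() if rx.search(path)]


def unusual_ratio(path):
    """Share of characters outside the ordinary set (0.0 for an empty path)."""
    if not path:
        return 0.0
    return sum(1 for ch in path if not ORDINARY.match(ch)) / len(path)


def build_profile(paths, tolerance=2.0):
    """Anomaly profile: the largest values seen in training, with headroom.

    Deliberately an envelope rather than a statistical model, so the
    trade-off between the two detectors is easy to follow.
    """
    return {
        "max_len": max(len(p) for p in paths) * tolerance,
        "max_unusual": max(unusual_ratio(p) for p in paths) * tolerance,
    }


def anomaly_match(path, profile):
    """Flag anything outside the learned envelope, known attack or not."""
    return len(path) > profile["max_len"] or unusual_ratio(path) > profile["max_unusual"]


def evaluate(detector, events):
    """Count true/false positives and negatives for one detector."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for path, is_attack in events:
        flagged = bool(detector(path))
        key = ("t" if flagged == is_attack else "f") + ("p" if flagged else "n")
        counts[key] += 1
    return counts


PROFILE = build_profile(BASELINE_PATHS)


def run_comparison(events=EVENTS, profile=PROFILE):
    """Signature alone, anomaly alone, and the two OR-ed together."""
    return {
        "signature": evaluate(signature_match, events),
        "anomaly": evaluate(lambda p: anomaly_match(p, profile), events),
        "either": evaluate(
            lambda p: signature_match(p) or anomaly_match(p, profile), events),
    }


if __name__ == "__main__":
    for name, counts in run_comparison().items():
        print(f"{name:10s} {counts}")
```

On this data the signature detector has no false positives but misses the encoded traversal it has no pattern for; the anomaly detector catches that novel attack but misses the short SQL injection and raises a false positive on the long but benign bundle path. OR-ing the two removes the false negatives at the cost of keeping the false positive, which is the compromise the "Intrusion detection problems" card refers to.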
7
Q
HIDS sensor:
A
The IDS component that collects data on the monitored host (system call traces, audit and log records, file integrity checksums, registry access on Windows) and forwards it to the analyzer
7
Q
Information logged by an NIDS sensor:
A
- Timestamp
- Event or alert type
- Source and destination IP addresses
- Source and destination ports
- Network, transport and application layer protocols
- Number of bytes transmitted over the connection
7
Q
NIDS sensor types:
A
- Inline: sits in the traffic path, so it can block traffic (IPS mode) but adds latency and is a point of failure
- Passive: monitors a copy of the traffic (network tap or switch SPAN port); adds no latency but can only alert, not block
8
Q
Honeypots:
A
Decoy systems holding fabricated but attractive information, designed to lure attackers away from critical systems, collect evidence of their activity, and keep them engaged long enough for administrators to respond
9
Q
Snort IDS:
A
Lightweight open-source NIDS that captures packets, decodes them, runs them through a rule-based detection engine, and logs or alerts on matches
10
Q
Snort rules:
A
- Simple rule-definition language: a fixed-format header followed by an optional list of options in parentheses
- Header fields, in order: action (e.g. alert, log, pass, drop), protocol (tcp, udp, icmp, ip), source IP, source port, direction operator (-> one way, <> bidirectional), destination IP, destination port
- Addresses and ports may be "any", a negation (!), a variable ($HOME_NET), or a bracketed list
- Many options possible (msg, content, sid, rev, flow, ...), each terminated by a semicolon
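Worked example added to this card set (not from the course, the flashcards' source or the Snort project): a simplified Python parser for the rule layout described above, splitting the seven fixed header fields from the option list and then matching a constructed 5-tuple against the header. Variable resolution, "any", negation, bracketed lists, port ranges and the two direction operators are handled; the variable table and both rules are constructed for the example, and this is a study re-implementation, not Snort's own parser or detection engine (it does not inspect payloads, so options such as content are parsed but not evaluated).

```python
"""Parse a Snort rule's fixed header and option list, then match a 5-tuple
against the header.

Added example for study: a simplified re-implementation of the rule grammar
described on the card, not Snort's own parser or detection engine. The rules
and the variable table are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed stand-in for the 'var' definitions of a snort.conf.
VARS = {"$HOME_NET": "10.0.0.0/8", "$EXTERNAL_NET": "!$HOME_NET"}


@dataclass
class Rule:
    action: str
    protocol: str
    src_ip: str
    src_port: str
    direction: str
    dst_ip: str
    dst_port: str
    options: List[Tuple[str, Optional[str]]] = field(default_factory=list)


def _split_options(body):
    """Split 'k:v; k2; ...' on semicolons, ignoring those inside quotes."""
    parts, cur, quoted, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            parts.append("".join(cur))
            cur = []
            continue
        cur.append(ch)
    if "".join(cur).strip():
        parts.append("".join(cur))
    return parts


def parse_rule(text):
    """Split a rule into its 7 fixed header fields and its (key, value) options."""
    header, _, rest = text.strip().partition("(")
    fields = header.split()
    if len(fields) != 7:
        raise ValueError(f"header needs 7 fields, got {len(fields)}: {header!r}")
    if fields[4] not in ("->", "<>"):
        raise ValueError(f"bad direction operator {fields[4]!r}")
    options = []
    for opt in _split_options(rest.rsplit(")", 1)[0]):
        key, sep, val = opt.strip().partition(":")
        options.append((key.strip(), val.strip().strip('"') if sep else None))
    return Rule(*fields, options=options)


def _matches(spec, value, variables, leaf):
    """Resolve any / negation / $var / [list] and then apply the leaf test."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _matches(spec[1:], value, variables, leaf)
    if spec.startswith("$"):
        return _matches(variables[spec], value, variables, leaf)
    if spec.startswith("[") and spec.endswith("]"):
        return any(_matches(s.strip(), value, variables, leaf) for s in spec[1:-1].split(","))
    return leaf(spec, value)


def _ip_leaf(spec, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_leaf(spec, port):
    if ":" in spec:                       # range; either end may be left open
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return port == int(spec)


def header_matches(rule, proto, src_ip, src_port, dst_ip, dst_port, variables=VARS):
    """Does this 5-tuple fall under the rule header? '<>' tries both directions."""
    if rule.protocol != "ip" and rule.protocol != proto:
        return False

    def one_way(a_ip, a_port, b_ip, b_port):
        return (_matches(rule.src_ip, a_ip, variables, _ip_leaf)
                and _matches(rule.src_port, a_port, variables, _port_leaf)
                and _matches(rule.dst_ip, b_ip, variables, _ip_leaf)
                and _matches(rule.dst_port, b_port, variables, _port_leaf))

    if one_way(src_ip, src_port, dst_ip, dst_port):
        return True
    return rule.direction == "<>" and one_way(dst_ip, dst_port, src_ip, src_port)


# Constructed rules in Snort syntax (sids in the local 1000000+ range).
TRAVERSAL_RULE = parse_rule(
    'alert tcp $EXTERNAL_NET any -> $HOME_NET [80,443] '
    '(msg:"WEB-ATTACK directory traversal attempt; see ticket"; '
    'flow:to_server,established; content:"../"; nocase; sid:1000001; rev:1;)'
)
SSH_RULE = parse_rule('pass tcp $HOME_NET any <> any 22 (msg:"internal ssh"; sid:1000002; rev:1;)')

if __name__ == "__main__":
    print(TRAVERSAL_RULE)
    print(header_matches(TRAVERSAL_RULE, "tcp", "203.0.113.5", 51515, "10.1.2.3", 443))
```

Two points worth noticing when reading the rules: the semicolon inside the msg string must not split the option list, which is why the tokenizer tracks quotes, and a "->" rule does not match the server's reply in the opposite direction, while the "<>" rule matches the same conversation whichever side the packet came from.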