Monitoring, Logs, and IDS (Lesson 15) Flashcards

1
Q

Unix Log Files

A

syslog – the system log (messages from the kernel and daemons, collected by the syslog daemon)
sulog – records attempts to switch users with su: who switched to whom, and whether it succeeded
utmp – keeps track of users currently logged on
wtmp – stores historical data on login, logout, shutdown, and restart events
lastlog – tracks each user’s most recent login time and the point of origin (terminal or remote host) of that login. Some Unix variants track unsuccessful logins here as well; Linux keeps failed attempts in a separate file, btmp (read with lastb).
At login, the information about the previous login is often displayed, so a user can notice a login they did not make.
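utmp, wtmp and lastlog are binary files of fixed-size records, not text, so reading them means decoding the platform's struct utmp. The following is an added example, not part of the original flashcards: it decodes records using the struct utmp layout of glibc on x86_64 Linux (an assumption; other Unix variants use different sizes and field order), rebuilds sessions the way `last` does from a wtmp stream, and derives the per-user "last login from where" view that lastlog holds. The sample wtmp image is constructed inline and is not from any real system.

```python
import struct

# Assumption: struct utmp layout of glibc on x86_64 Linux. Other Unix
# variants and libcs use a different record size and field order, so this
# format string is specific to that platform.
#   short ut_type; (2 pad) int ut_pid; char ut_line[32]; char ut_id[4];
#   char ut_user[32]; char ut_host[256]; short e_termination; short e_exit;
#   int32 ut_session; int32 tv_sec; int32 tv_usec; int32 ut_addr_v6[4]; 20 unused
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384 bytes per record

# ut_type values from <utmp.h>
TYPE_NAMES = {
    0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME",
    5: "INIT_PROCESS", 6: "LOGIN_PROCESS", 7: "USER_PROCESS",
    8: "DEAD_PROCESS", 9: "ACCOUNTING",
}
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8


def _cstr(raw):
    """Decode a NUL-padded fixed-width char array."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def pack_record(ut_type, pid, line, ident, user, host, tv_sec):
    """Build one 384-byte record; used here only to construct sample data."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), ident.encode(),
                       user.encode(), host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def parse_utmp(data):
    """Split a utmp/wtmp file image into records (trailing partial bytes are ignored)."""
    records = []
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        records.append({
            "type": TYPE_NAMES.get(f[0], f"UNKNOWN({f[0]})"),
            "pid": f[1], "line": _cstr(f[2]), "id": _cstr(f[3]),
            "user": _cstr(f[4]), "host": _cstr(f[5]), "time": f[9],
        })
    return records


def sessions(records):
    """Reconstruct login sessions the way `last` does: a USER_PROCESS record is
    closed by the next DEAD_PROCESS on the same tty. Sessions still open at the
    end of the stream (logout time None) are what utmp would show as logged on."""
    open_by_line, out = {}, []
    for r in records:
        if r["type"] == "USER_PROCESS":
            open_by_line[r["line"]] = r
        elif r["type"] == "DEAD_PROCESS" and r["line"] in open_by_line:
            s = open_by_line.pop(r["line"])
            out.append((s["user"], s["line"], s["host"], s["time"], r["time"]))
    for s in open_by_line.values():
        out.append((s["user"], s["line"], s["host"], s["time"], None))
    return out


def lastlog_view(records):
    """Most recent successful login per user with its origin, i.e. what lastlog
    holds. Failed attempts never produce USER_PROCESS records, so they cannot be
    recovered from here (on Linux they are written to btmp, read with lastb)."""
    latest = {}
    for r in records:
        if r["type"] == "USER_PROCESS":
            prev = latest.get(r["user"])
            if prev is None or r["time"] >= prev[0]:
                latest[r["user"]] = (r["time"], r["host"], r["line"])
    return latest


# Constructed sample wtmp image: a boot, two logins, one logout, one re-login
# from an unfamiliar address. Not taken from any real system.
T0 = 1_700_000_000
SAMPLE_WTMP = b"".join([
    pack_record(BOOT_TIME, 0, "~", "~~", "reboot", "6.1.0", T0),
    pack_record(USER_PROCESS, 1201, "pts/0", "ts/0", "alice", "10.0.0.5", T0 + 60),
    pack_record(USER_PROCESS, 1340, "pts/1", "ts/1", "bob", "10.0.0.9", T0 + 300),
    pack_record(DEAD_PROCESS, 1201, "pts/0", "ts/0", "", "", T0 + 3600),
    pack_record(USER_PROCESS, 1500, "pts/0", "ts/0", "alice", "203.0.113.7", T0 + 7200),
])

if __name__ == "__main__":
    recs = parse_utmp(SAMPLE_WTMP)
    for user, line, host, start, end in sessions(recs):
        print(f"{user:8} {line:6} {host:14} {start} -> {end if end else 'still logged in'}")
    for user, (when, host, line) in lastlog_view(recs).items():
        print(f"lastlog {user}: {when} from {host} on {line}")
```

To run this against a real file, read `/var/log/wtmp` as bytes and pass it to `parse_utmp`; remember that wtmp is append-only and is rotated, so the session pairing above only sees logouts that landed in the same file as their logins.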

2
Q

Four major methods that have been attempted for intrusion detection:

A

User Profiling
Intruder Profiling
Signature Analysis (the user’s typing “signature”, not attack signatures)
Action-based (matching known attack “signatures”)

3
Q

User Profiling - Types of activity to record may include

A
CPU and I/O usage
Connect time and time of connection as well as duration
Location of use
Command usage
Mailer usage
Editor and compiler usage
Directories and files accessed/modified
Errors
Network activity
4
Q

Intruder Profiling

A

When an intruder first gains access, the first actions are often to check who else is logged on, then examine files and directories, …
Can also apply to insiders gaining access to files they are not authorized to access.
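The two cards above (user profiling and intruder profiling) are complementary: one asks whether a session deviates from that user's own history, the other whether it looks like what intruders typically do right after getting in. The following added example (not from the original flashcards) runs both checks over a constructed command audit trail of the form "timestamp user origin command". The baseline log, the new sessions, the recon command list and the one-session-per-(user, origin) grouping are all assumptions made for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Commands an intruder typically runs right after gaining access (the
# "who else is on, what files are here" pattern). Assumption: illustrative
# list, not an exhaustive catalog.
RECON_COMMANDS = {
    "who", "w", "last", "finger", "id", "uname -a",
    "cat /etc/passwd", "ls -la /home", "find / -perm -4000",
}

# Constructed audit trail used as the training window (user profiling baseline).
BASELINE_LOG = """
2024-05-06T09:02:11 alice 10.0.0.5 ls
2024-05-06T09:05:40 alice 10.0.0.5 vim main.c
2024-05-06T10:17:03 alice 10.0.0.5 make
2024-05-06T14:30:55 alice 10.0.0.5 git push
2024-05-07T09:15:22 alice 10.0.0.5 vim main.c
2024-05-07T11:48:09 alice 10.0.0.5 make
2024-05-06T08:55:01 bob 10.0.0.9 psql
2024-05-06T13:20:47 bob 10.0.0.9 less report.txt
2024-05-07T09:01:30 bob 10.0.0.9 psql
"""

# Constructed new activity: one normal alice session, then alice's account
# used at 03:14 from an unfamiliar address doing reconnaissance.
NEW_LOG = """
2024-05-08T10:03:12 alice 10.0.0.5 vim main.c
2024-05-08T10:20:45 alice 10.0.0.5 make
2024-05-09T03:14:07 alice 203.0.113.7 who
2024-05-09T03:14:15 alice 203.0.113.7 w
2024-05-09T03:14:40 alice 203.0.113.7 cat /etc/passwd
2024-05-09T03:15:02 alice 203.0.113.7 ls -la /home
2024-05-09T03:16:30 alice 203.0.113.7 find / -perm -4000
"""


def parse(log_text):
    """Parse 'ISO-timestamp user origin command' lines; the command may contain spaces."""
    events = []
    for line in log_text.strip().splitlines():
        ts, user, host, cmd = line.split(maxsplit=3)
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "host": host, "cmd": cmd})
    return events


def build_profiles(events):
    """Per-user baseline: origin hosts, hours of activity and commands used."""
    profiles = defaultdict(lambda: {"hosts": Counter(), "hours": Counter(), "cmds": Counter()})
    for e in events:
        p = profiles[e["user"]]
        p["hosts"][e["host"]] += 1
        p["hours"][e["ts"].hour] += 1
        p["cmds"][e["cmd"]] += 1
    return profiles


def profile_deviations(profile, session):
    """User profiling: what in this session does the user's own history not explain?"""
    findings = []
    new_hosts = {e["host"] for e in session} - set(profile["hosts"])
    if new_hosts:
        findings.append(f"new origin host(s): {sorted(new_hosts)}")
    new_hours = {e["ts"].hour for e in session} - set(profile["hours"])
    if new_hours:
        findings.append(f"activity at hour(s) never seen before: {sorted(new_hours)}")
    new_cmds = [e["cmd"] for e in session if e["cmd"] not in profile["cmds"]]
    if new_cmds:
        findings.append(f"{len(new_cmds)} command(s) outside profile: {new_cmds}")
    return findings


def intruder_pattern(session, window=5, threshold=3):
    """Intruder profiling: reconnaissance commands clustered at the start of a session.
    Returns the matching commands, or [] if fewer than `threshold` of the first
    `window` commands are reconnaissance."""
    hits = [e["cmd"] for e in session[:window] if e["cmd"] in RECON_COMMANDS]
    return hits if len(hits) >= threshold else []


def analyze(baseline_log, new_log):
    """Group new events into sessions (assumption: one session per user+origin)
    and report both kinds of findings for each."""
    profiles = build_profiles(parse(baseline_log))
    sessions = defaultdict(list)
    for e in parse(new_log):
        sessions[(e["user"], e["host"])].append(e)
    report = {}
    for (user, host), session in sessions.items():
        findings = profile_deviations(profiles[user], session) if user in profiles \
            else ["no baseline for this user"]
        recon = intruder_pattern(session)
        if recon:
            findings.append(f"recon pattern among first commands: {recon}")
        report[(user, host)] = findings
    return report


if __name__ == "__main__":
    for key, findings in analyze(BASELINE_LOG, NEW_LOG).items():
        print(key, findings or ["nothing unusual"])
```

The two signals are deliberately kept separate: a user working late from a hotel trips the profile check but not the recon check, while a compromised account used from the user's own desktop during office hours may trip only the recon check. Either alone is a lead; both together is a strong one.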

5
Q

Signature Analysis

A

Just as an individual has a unique written signature which can be used for identification purposes, individuals also have a “typing signature” (their keystroke rhythm).
This technique requires special equipment to capture keystroke timing.
A variation is to watch for the abbreviations a user habitually uses for commands and the errors they commonly make.

6
Q

MIDAS

A

Multics Intrusion Detection and Alerting System

7
Q

Network Profile

A

Which systems normally connect to which others, and using which service.
In a 2-month period at UC Davis, NSM analyzed 110,000 connections and correctly identified over 300 intrusions; only 1% of those had been detected by the systems’ administrators.
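A network profile is a baseline of (client, server, service) triples learned over a training window; anything outside it is graded by how far outside it falls. The following added example is not from the original flashcards or from NSM itself: it learns a profile from a constructed set of flow summaries ("src dst dport proto", with src the initiating host, an assumption) and grades live connections, treating a host that has never initiated anything or a server offering a never-seen service as more suspicious than a new pairing over a known service.

```python
from collections import Counter, defaultdict

# Constructed training window (what the flow collector saw during normal operation).
TRAINING = """
10.0.1.20 10.0.2.5 22 tcp
10.0.1.20 10.0.2.5 22 tcp
10.0.1.21 10.0.2.5 22 tcp
10.0.1.20 10.0.2.8 25 tcp
10.0.1.22 10.0.2.8 25 tcp
10.0.1.21 10.0.2.9 53 udp
10.0.1.20 10.0.2.9 53 udp
"""

# Constructed live traffic to grade against the profile.
LIVE = """
10.0.1.20 10.0.2.5 22 tcp
10.0.1.21 10.0.2.8 25 tcp
10.0.2.5 10.0.1.20 22 tcp
10.0.1.20 10.0.2.9 23 tcp
10.0.3.40 10.0.2.5 22 tcp
"""


def parse_flows(text):
    """Parse 'src dst dport proto' lines into (src, dst, service) triples.
    Assumption: one connection per line and src is the initiating host."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, dport, proto = line.split()
        flows.append((src, dst, f"{dport}/{proto}"))
    return flows


def build_profile(flows):
    """Baseline: exact triples with counts, the services each server offered,
    and the set of hosts that ever initiated a connection."""
    profile = {"triples": Counter(), "services_of": defaultdict(set), "clients": set()}
    for src, dst, svc in flows:
        profile["triples"][(src, dst, svc)] += 1
        profile["services_of"][dst].add(svc)
        profile["clients"].add(src)
    return profile


def classify(profile, flow):
    """Grade one live connection: 'known', 'low' or 'high', with the reason."""
    src, dst, svc = flow
    if flow in profile["triples"]:
        return ("known", f"seen {profile['triples'][flow]} times in baseline")
    if src not in profile["clients"]:
        # A server (or an outside host) suddenly initiating connections: the
        # classic sign of a compromised box being used as a pivot.
        return ("high", "source host never initiated a connection in baseline")
    if dst not in profile["services_of"]:
        return ("high", "destination never acted as a server in baseline")
    if svc not in profile["services_of"][dst]:
        return ("high", f"server never offered {svc}; baseline services: "
                        f"{sorted(profile['services_of'][dst])}")
    return ("low", "known service on a known server, but a new client/server pair")


def audit(training_text, live_text):
    """Return [(flow, level, reason)] for every live connection."""
    profile = build_profile(parse_flows(training_text))
    return [(flow, *classify(profile, flow)) for flow in parse_flows(live_text)]


if __name__ == "__main__":
    for flow, level, reason in audit(TRAINING, LIVE):
        print(f"{level:5} {flow[0]} -> {flow[1]} {flow[2]}: {reason}")
```

The grading order matters: a new source host is checked before the service, so a server that starts talking SSH to a workstation is reported as a new client rather than as a routine SSH connection. A production profile would also age out triples and learn per-weekday patterns, which this example omits.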

8
Q

NSM

A

Network Security Monitor

9
Q

DIDS

A

Distributed IDS

10
Q

CSM

A

Cooperating Security Monitors

11
Q

4 General Types of IPS

A

Inline NIDS
Layer Seven Switches
Application Firewall/IDS
Deceptive Applications

12
Q

Layer Seven Switch

A

Because of bandwidth-intensive content, some switching is now done at layer seven (e.g. load balancers), where the application traffic itself can be examined.
Decisions can then be made as to whether the data is forwarded at all.
Good for preventing DoS.
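What "examining application traffic and deciding whether it is sent" looks like in practice, as an added example that is not from the original flashcards or from any real product: a minimal layer-seven decision function for HTTP/1.x that applies cheap DoS defences first (per-client token bucket, size and header-count caps, a requirement that the header block is complete), then parses the request line and Host header, and only then routes on the path. The routing table, limits, client addresses and sample requests are all assumptions made for the example.

```python
from collections import defaultdict

# Assumed routing table and limits. Order matters: the first matching prefix
# wins, so the catch-all "/" must come last.
ROUTES = [("/api/", "api-pool"), ("/static/", "static-pool"), ("/", "web-pool")]
METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}
MAX_HEADER_BLOCK = 8192    # bytes of request line + headers buffered per request
MAX_REQUEST_LINE = 2048
MAX_HEADERS = 50
RATE_PER_SEC, BURST = 5.0, 10   # per-client request budget


class TokenBucket:
    """Per-client budget: refills at `rate` tokens per second up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class L7Switch:
    def __init__(self):
        self.buckets = defaultdict(lambda: TokenBucket(RATE_PER_SEC, BURST))

    def decide(self, client_ip, raw_request, now):
        """Return ("forward", pool) or ("drop", reason) for one buffered request."""
        # 1. Cheapest checks first, before spending parsing effort on a flood.
        if not self.buckets[client_ip].allow(now):
            return ("drop", "rate limit exceeded")
        head, sep, _body = raw_request.partition(b"\r\n\r\n")
        if not sep:
            # A client that never finishes its headers is holding our buffer.
            return ("drop", "header block not terminated")
        if len(head) > MAX_HEADER_BLOCK:
            return ("drop", "header block too large")
        # 2. Request line.
        lines = head.split(b"\r\n")
        if len(lines[0]) > MAX_REQUEST_LINE:
            return ("drop", "request line too long")
        parts = lines[0].split(b" ")
        if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith(b"HTTP/1."):
            return ("drop", "malformed request line")
        # 3. Headers. HTTP/1.1 requires Host, and it is what a load balancer keys on.
        headers = lines[1:]
        if len(headers) > MAX_HEADERS:
            return ("drop", "too many headers")
        host = None
        for h in headers:
            name, colon, value = h.partition(b":")
            if not colon:
                return ("drop", "malformed header")
            if name.strip().lower() == b"host":
                host = value.strip()
        if not host:
            return ("drop", "missing Host header")
        # 4. Route on application-layer content (here: the path prefix).
        path = parts[1].decode("ascii", "replace")
        for prefix, pool in ROUTES:
            if path.startswith(prefix):
                return ("forward", pool)
        return ("drop", "no route for path")


if __name__ == "__main__":
    sw = L7Switch()
    good = b"GET /api/users HTTP/1.1\r\nHost: app.example\r\n\r\n"
    print(sw.decide("198.51.100.1", good, 0.0))
    print(sw.decide("198.51.100.1", b"GET /x HTTP/1.1\r\n\r\n", 0.0))
    # Constructed flood: 11 requests from one client in the same second.
    verdicts = [sw.decide("198.51.100.2", good, 0.0)[0] for _ in range(11)]
    print(verdicts.count("forward"), "forwarded,", verdicts.count("drop"), "dropped")
```

The ordering is the security point: the rate limiter and size caps run before any byte of the request is interpreted, so a flood of malformed or oversized requests costs the switch a dictionary lookup and a length check per request rather than a parse, and the backend pools never see it at all.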
