Network Traffic Monitoring Flashcards

1
Q

What is Network Monitoring?

A

A retrospective security approach that monitors a network for abnormal activities, performance issues, etc.

2
Q

Describe the following traffic signatures:
1) Normal
2) Attack
3) Baseline

A

1) Acceptable traffic patterns allowed by the network.
2) Suspicious traffic patterns not allowed by the network.
3) The acceptable behaviour for a normal network.

3
Q

Describe the categories of Suspicious Traffic Signatures:
1) Informational
2) Reconnaissance
3) Unauthorized Access
4) Denial of Service

A

1) Signatures that may be suspicious but might not be malicious.
2) Signatures that indicate an attempt to gain information.
3) Signatures that indicate an attempt to gain unauthorized access.
4) Signatures that indicate a DoS or flood attempt.

4
Q

Describe these Attack Signature Analysis Techniques:
1) Content-based
2) Context-based
3) Atomic
4) Composite

A

1) Signatures are contained in packet payloads. Check for a specific string occurring in the payload.
2) Signatures are contained in packet headers.
3) Single-packet analysis is sufficient to detect attack signatures.
4) Multiple-packet analysis is required to detect attack signatures.

5
Q

What is a signature?

A

A set of traffic characteristics such as source/dest IP address, ports, TCP flags, packet length, TTL, and protocol.
