Security Technologies Flashcards
What is the purpose of a firewall?
Firewalls close off systems to scanning and entry by blocking ports or non-trusted services and apps.
What does a host-based IDS solution do?
It analyzes logged events so both success and failure events can be monitored. Alerts are generated only after a proper threshold is passed. Some deploy individual client apps on each host that relay findings to a central IDS server, which is responsible for compiling data to identify distributed trends.
What is the difference between NIPS and NIDS?
Network Intrusion Detection Systems examine data traffic to identify unauthorized access attempts and generate alerts. Network Intrusion Prevention Systems are solutions that are intended to provide direct protection against identified attacks.
What does a file integrity checker do?
It detects when a file has been improperly modified. It does this by computing a cryptographic hash (like SHA-1 or MD5) for all selected files and creating a database of the hashes. The hashes are periodically recalculated and compared to the hashes in the database to check for modification.
How are advanced malware tools different?
They use behavior-based and context-based detection methods instead of signature-based methods.