Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.

In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms.

A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.

In the process of protocol application verification, the NIDPSs look for invalid data packets. _________________________

A(n) ____________________ system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks.

Alarm filtering may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators. _________________________

Under the guise of justice, some less scrupulous administrators may be tempted to ____________________, or hack into a hacker's system to find out as much as possible about the hacker.

Three methods dominate IDPS detection methods: the ____________________-based approach, the statistical anomaly-based approach, and the stateful packet inspection approach.

To document the existing threat to an organization

To act as quality control for security design and administration, especially of large and complex enterprises

An HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.

The attack ____________________ is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network.

Administrators who are wary of using the same tools that attackers use should remember that a tool that can help close an open or poorly configured firewall will not help the network defender minimize the risk from attack.

NIDPSs are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.

List and describe the three advantages of NIDPSs.

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

With a(n) ____________________ IDPS control strategy, all IDPS control functions are implemented and managed in a central location.

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.

In TCP/IP networking, port __________ is not used.

Security tools that go beyond routine intrusion detection include honeypots, honeynets, and padded cell systems.