Exam 8: Intrusion Detection

________ detection techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.

The _________ to an IDS enables a user to view output from the system or control the behavior of the system.

__________ is a security service that monitors and analyzes system events for the purpose of finding,and providing real-time warning of attempts to access system resources in an unauthorized manner.

The _________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization's network or on particular hosts to support the organization's requirements.

Network-based intrusion detection makes use of signature detection and anomaly detection.

_________ simulate human brain operation with neurons and synapse between them that classify observed data

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.

_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities.

_________ anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations.

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

Activists are either individuals or members of an organized crime group with a goal of financial reward.

A(n)________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

The functional components of an _________ are: data source,sensor,analyzer,administration,manager,and operator.

An inline sensor monitors a copy of network traffic;the actual traffic does not pass through the device.

An intruder can also be referred to as a hacker or cracker.

________ are decoy systems that are designed to lure a potential attacker away from critical systems.

Anomaly detection is effective against misfeasors.

The __________ is the human with overall responsibility for setting the security policy of the organization,and,thus,for decisions about deploying and configuring the IDS.