Exam 8: Intrusion Detection

__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way.

The ________ is responsible for determining if an intrusion has occurred.

To be of practical use an IDS should detect a substantial percentage ofintrusions while keeping the false alarm rate at an acceptable level.

A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.

Copying a database containing credit card numbers, viewing sensitive data without authorization, and guessing and cracking passwords are examples of _________ .

A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.

The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria.

A (n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits.

A common location for a NIDS sensor is just inside the externalfirewall.

The __________ is the human with overall responsibility for setting the security policy of the organization, and, thus, for decisions about deploying and configuring the IDS.

________ detection techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.

A ________ is a hacker with sufficient technical skills to modify and extend attack toolkits to use newly discovered vulnerabilities.

The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

The _________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization's network or on particular hosts to support the organization's requirements.

_________ simulate human brain operation with neurons and synapse between them that classify observed data

Anomaly detection is effective against misfeasors.

Activists are either individuals or members of an organized crimegroup with a goal of financial reward.

A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so.

The _________ (RFC 4766) document defines requirements for the Intrusion Detection Message Exchange Format (IDMEF).