Deck 11: Intruders
1
The three classes of intruders identified by Anderson are: Masquerader, Misfeasor, and _________ .
Clandestine user
2
Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are known to correlate with intrusions.
True
3
Password crackers rely on the fact that some people choose easily guessable passwords.
True
4
Unauthorized intrusion into a computer system or network is one of the most serious threats to computer security.
5
Password files can be protected in one of two ways: one-way function or __________ .
6
_________ detection involves the collection of data relating to the behavior of legitimate users over a period of time. Statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.
7
System administrators can stop all attacks and hackers from penetrating their systems by installing software patches periodically.
8
One important element of intrusion prevention is password management.
9
Penetration identification is an approach developed to detect deviation from previous usage patterns.
10
To be of practical use an intrusion detection system should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
11
The ID determines the privileges accorded to the user.
12
The main advantage of the use of statistical profiles is that a prior knowledge of security flaws is not required.
13
Trojan horses and viruses are confined to network based attacks.
14
Statistical approaches attempt to define proper behavior and rule-based approaches attempt to define normal or expected behavior.
15
__________ systems have been developed to provide early warning of an intrusion so that defensive action can be taken to prevent or minimize damage.
16
Traditional hackers usually have specific targets, or at least classes of targets in mind.
17
The hacking community is a strong meritocracy in which status is determined by level of competency.
18
A weakness of the IDES approach is its lack of flexibility.
19
Insider attacks are among the easiest to detect and prevent.
20
Metrics that are useful for profile-based intrusion detection are: counter, gauge, resource utilization, and _________ .
21
A fundamental tool for intrusion detection is the _________ record.
22
_________ identification takes a very different approach to intrusion detection. The key feature of such systems is the use of rules for identifying known penetration or penetrations that would exploit known weaknesses. Typically the rules used in these systems are specific to the machine and operating system.
23
Designed to lure a potential attacker away from critical systems, ____________ are decoy systems that divert an attacker from accessing critical systems, collect information about the hacker's activity, and encourage the attacker to stay on the system long enough for administrators to respond.
24
One of the most important results from probability theory is known as ________ which is used to calculate the probability that something really is the case, given evidence in favor of it.
25
_________ is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
26
_________ techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.
27
Two types of audit records used are Detection-specific audit records and _________ audit records.
28
A _________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
29
An example of a metric used for profile-based intrusion detection is _________ which is a non-negative integer that may be incremented but not decremented until it is reset by management action. Examples include the number of logins by a single user during an hour, the number of times a given command is executed during a single user session, and the number of password failures during a minute.
30
The focus of the __________ is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to management that may need to interact with them.