Deck 8: Intrusion Detection

The IDS component responsible for collecting data is the user interface.

Those who hack into computers do so for the thrill of it or for status.

Intrusion detection is based on the assumption that the behavior of the
intruder differs from that of a legitimate user in ways that can be quantified.

Snort can perform intrusion prevention but not intrusion detection.

An inline sensor monitors a copy of network traffic;the actual traffic
does not pass through the device.

Network-based intrusion detection makes use of signature detection
and anomaly detection.

Signature-based approaches attempt to define normal,or expected,
behavior,whereas anomaly approaches attempt to define proper behavior.

Intruders typically use steps from a common attack methodology.

Anomaly detection is effective against misfeasors.

Activists are either individuals or members of an organized crime
group with a goal of financial reward.

An intruder can also be referred to as a hacker or cracker.

The primary purpose of an IDS is to detect intrusions,log suspicious
events,and send alerts.

Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion.

A common location for a NIDS sensor is just inside the external
firewall.

_________ simulate human brain operation with neurons and synapse between them that classify observed data

The broad classes of intruders are: cyber criminals,state-sponsored organizations,_________ ,and others.

A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.

__________ is a security service that monitors and analyzes system events for the purpose of finding,and providing real-time warning of attempts to access system resources in an unauthorized manner.

The _________ to an IDS enables a user to view output from the system or control the behavior of the system.

Copying a database containing credit card numbers,viewing sensitive data without authorization,and guessing and cracking passwords are examples of _________ .

________ detection techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.

A ________ is a hacker with sufficient technical skills to modify and extend attack toolkits to use newly discovered vulnerabilities.

_________ anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations.

An IDS comprises three logical components: analyzers,user interface and _____.

The functional components of an _________ are: data source,sensor,analyzer,administration,manager,and operator.

The _________ (RFC 4766)document defines requirements for the Intrusion Detection Message Exchange Format (IDMEF).

________ are decoy systems that are designed to lure a potential attacker away from critical systems.

The _________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization's network or on particular hosts to support the organization's requirements.

The __________ is the human with overall responsibility for setting the security policy of the organization,and,thus,for decisions about deploying and configuring the IDS.