In which IDPS control strategy are all IDPS control functions implemented and managed in a central location?


Chapter 7

Question / Answer
Intrusion - occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm
Intrusion detection systems (IDSs) - devices or software that detect unauthorized activity on an internal network or on an individual machine
Intrusion prevention system (IPS) – can detect an intrusion, and also prevent that intrusion from successfully attacking the organization by means of an active response
Intrusion detection/prevention system (IDPS) - the term used to describe current anti-intrusion technologies, which combine detection with the ability to respond
Network-based IDPS (NIDPS) resides on a computer or appliance connected to a segment of an organization’s network and monitors network traffic on that network segment, looking for indications of ongoing or successful attacks
Monitoring port (also called a SPAN or mirror port) - a specially configured connection on a network device, typically a switch, that receives a copy of all the traffic that moves through the entire device so that a NIDPS sensor can observe it
Protocol stack verification - a process in which a network-based intrusion detection prevention system looks for invalid data packets, i.e. packets that are malformed under the rules of the IP, TCP or UDP specifications (impossible flag combinations, bad length fields, overlapping fragments)
Application protocol verification- the higher-order protocols are examined for unexpected packet behavior or improper use
Passive mode (passive sensors) - NIDPS sensors that monitor a copy of the traffic delivered through a monitoring port or network tap; they use the same connection methods as a network-based IDPS and can alert on what they see but cannot themselves block the traffic
Inline sensors- typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall
Host-based IDPS - resides on a particular computer or server, known as the host, and monitors activity only on that system
System integrity verifiers - benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files
Signature-based IDPS (knowledge-based IDPS or misuse-detection IDPS)- examines network traffic in search of patterns that match known signatures
Signatures - preconfigured, predetermined attack patterns
Statistical anomaly-based IDPS (stat IDPS) or behavior-based IDPS - collects statistical summaries by observing traffic that is known to be normal to build a baseline, then compares current activity against that baseline and reports deviations that exceed the clipping level
Clipping level- as detected by an intrusion detection prevention system, the level of network activity that is established as a baseline and therefore activity volumes above that level are considered suspect
Stateful protocol analysis (SPA) process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations
Log file monitor (LFM) - the system reviews the log files generated by servers, network devices, and even other IDPSs, looking for patterns and signatures that may indicate that an attack or intrusion is in process or has already occurred
IDPS terrorists- designed to trip the organization’s IDPS, essentially causing the organization to conduct its own
Centralized IDPS control strategy- all IDPS control functions are implemented and managed in a central location
Fully distributed IDPS control strategy all control functions are applied at the physical location of each IDPS component
Partially distributed IDPS control strategy an intrusion detection prevention system control strategy in which individual agents can still analyze and respond to local threats, but they are required to report to a hierarchical central facility which creates a blended approach that enables the organ
Honey pots - decoy systems designed to lure potential attackers away from critical systems
Honey net - a collection of honey pots, i.e. several honey pot systems connected together on a subnet
Padded cell - honey pot that has been protected so that it cannot be easily compromised
Trap and trace - applications that use a combination of techniques to detect an intrusion and then trace it back to its source; the trap usually consists of a honey pot or padded cell plus an alarm, and the trace is the process of identifying where the intruder came from
Back hack- hack into a hacker’s system to find out as much as possible about the hacker
Enticement - the process of attracting attention to a system by placing tantalizing information in key locations; enticement is legal and ethical
Entrapment - the action of luring an individual into committing a crime in order to get a conviction; entrapment is neither legal nor ethical
Attack protocol - a series of steps or processes used by an attacker in a logical sequence to launch an attack against a target system or network
Footprinting - the organized research of the Internet addresses owned or controlled by a target organization
Fingerprinting - a systematic survey of all of the target organization's Internet addresses (collected during footprinting) that yields a detailed picture of the live hosts, open ports, and services that make up the target network
Port scanners - tools used by both attackers and defenders to identify or fingerprint the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information
Active vulnerability scanners - scan networks for highly detailed information by sending probes to the targets; because they initiate traffic to identify exposed services and known vulnerabilities, their activity is visible to the target and to its IDPS
Passive vulnerability scanner- one that listens in on the network and determines vulnerable versions of both server and client software
Packet sniffer- sometimes called a network protocol analyzer is a network tool that collects copies of packets from the network and analyzes them
Access control - the selective method by which systems specify who may use a particular resource and how they may use it; it covers both logical access to systems and services and physical access, e.g. a badge reader that admits or prohibits people from entering sensitive areas
Supplicants- a prospective user who, in the context of access control, seeks to use a protected system, logically access a protected service, or physically enter a protected space
Strong authentication - requires at least two of the three forms of authentication listed below (something the supplicant knows, such as a password or passphrase; something the supplicant has, such as a smart card or token; something the supplicant is, such as a biometric) to authenticate the supplicant's identity
Password - private word or combination of characters that only the user should know
Passphrase - a series of characters, typically longer than a password from which a virtual password is derived
Virtual password - a password calculated or extracted from a passphrase that meets system storage requirements
Smart card - contains a computer chip that can verify and validate a number of pieces of information instead of just a PIN
Synchronous tokens - synchronized with a server, both devices use the same time or a time-based database to generate a number that is displayed and entered during the user login phase
Asynchronous tokens - use a challenge-response system in which the server challenges the supplicant during login with a numerical sequence; the token transforms the challenge into a response that the supplicant enters, so no clock synchronization with the server is needed
Minutiae - unique points of reference in a biometric sample (for example ridge endings and bifurcations in a fingerprint) that are digitized and stored in an encrypted format when the user's system access credentials are created
False reject rate - the percentage of identification instances in which authorized users are denied access as a result of a failure in the biometric device
False accept rate- the percentage of identification instances in which unauthorized users are allowed access to systems or areas as a result of a failure in the biometric device
Crossover error rate (CER )- the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate
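Added example (not part of the original study set): a minimal signature-based log file monitor in the sense of the Signature-based IDPS and LFM entries above. The signature patterns, the per-source thresholds and the sshd/web-server log lines are all constructed for this illustration; they are not taken from any product's signature set.

```python
import re
from collections import Counter

# Constructed signatures for a log file monitor. Each entry is
# (name, compiled pattern, number of matches from one source before an alert).
# A threshold of 1 fires on the first matching line.
SIGNATURES = [
    ("ssh-failed-login",
     re.compile(r"sshd\[\d+\]: Failed password for .*? from (?P<src>\d+(?:\.\d+){3})"),
     3),   # one failure is noise; three from the same source looks like guessing
    ("web-path-traversal",
     re.compile(r'^(?P<src>\d+(?:\.\d+){3}) .*"GET \S*(?:\.\./){2,}\S* HTTP'),
     1),
    ("web-sqli",
     re.compile(r"^(?P<src>\d+(?:\.\d+){3}) .*(?:'|%27)(?:\s|%20)*(?:or|OR)(?:\s|%20)+\d+(?:\s|%20)*=(?:\s|%20)*\d+"),
     1),
]

# Constructed sample: sshd auth log lines followed by web server access log lines.
SAMPLE_LOGS = """\
Mar 10 09:01:12 bastion sshd[2201]: Accepted publickey for ops from 10.0.5.7 port 51022 ssh2
Mar 10 09:01:15 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2
Mar 10 09:01:16 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 40123 ssh2
Mar 10 09:01:17 bastion sshd[2212]: Failed password for root from 203.0.113.9 port 40124 ssh2
Mar 10 09:01:20 bastion sshd[2213]: Failed password for root from 198.51.100.4 port 9001 ssh2
198.51.100.4 - - [10/Mar/2024:09:02:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:09:02:05 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 404 162
203.0.113.9 - - [10/Mar/2024:09:02:09 +0000] "GET /login?user=admin'%20OR%201=1 HTTP/1.1" 200 843
203.0.113.9 - - [10/Mar/2024:09:02:11 +0000] "GET /login?user=admin'||1=1 HTTP/1.1" 200 843
"""


def scan(log_text, signatures=SIGNATURES):
    """One log-file-monitor pass: match every line against every signature and
    return alerts as (signature name, source address, hit count) once a source
    reaches the signature's threshold. Each (signature, source) pair fires once."""
    hits = Counter()
    alerts = []
    for line in log_text.splitlines():
        for name, pattern, threshold in signatures:
            match = pattern.search(line)
            if match is None:
                continue
            key = (name, match.group("src"))
            hits[key] += 1
            if hits[key] == threshold:
                alerts.append((name, match.group("src"), threshold))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print("ALERT", *alert)
    # The last sample line ('||1=1) is an injection the "web-sqli" pattern does not
    # describe, so it produces no alert: a signature-based IDPS only recognizes
    # what its signatures already encode (a false negative), which is the gap an
    # anomaly-based IDPS tries to close.
```

Running the block reports the three-strike SSH guessing from 203.0.113.9, the traversal attempt from 198.51.100.4 and the URL-encoded `' OR 1=1` probe; the single failed login from 198.51.100.4 stays below its threshold and the `'||1=1` variant is missed, which is exactly the signature-coverage problem the entries above describe.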
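Added example (not part of the original study set) of the System integrity verifier entry above: benchmark a directory tree with SHA-256 digests, then re-scan and report which monitored files were created, modified or deleted. The directory layout and file contents are constructed in a temporary directory for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream the file through SHA-256 so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Benchmark every regular file under root: {relative path: sha256}."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = sha256_of(full)
    return snap


def diff(baseline, current):
    """Compare two snapshots; any difference is a candidate intrusion indicator."""
    old, new = set(baseline), set(current)
    return {
        "created": sorted(new - old),
        "deleted": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def _write(root, rel, text):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(text)


def demo():
    """Build a small constructed tree, baseline it, simulate an intrusion, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/hosts", "127.0.0.1 localhost\n")
        _write(root, "bin/ls", "#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        baseline = snapshot(root)
        # Keep the baseline somewhere the intruder cannot rewrite (read-only media,
        # a remote store, or a signed file); a baseline stored on the monitored host
        # can simply be regenerated by the intruder after the change.
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        _write(root, "bin/.hidden", "constructed payload")
        os.remove(os.path.join(root, "etc", "hosts"))
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The verifier only detects changes relative to the benchmark, so the benchmark has to be taken on a system you trust and protected from the host it describes; it also says nothing about changes that leave the digest intact, such as altered file permissions or timestamps, unless those are added to the snapshot.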
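Added example (not from the original study set) covering the Synchronous tokens and Asynchronous tokens entries above. The synchronous token is implemented as standard RFC 4226 HOTP / RFC 6238 TOTP; the asynchronous challenge-response token is modelled as HMAC-SHA256 over the server's random challenge, which is an assumption made for the illustration (real tokens use vendor-specific schemes). The seed `12345678901234567890` is the RFC 6238 test-vector seed.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: a synchronous token derives the HOTP counter from the clock,
    so token and server must agree on the time to within a step or two."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, code, unix_time, step=30, digits=6, window=1):
    """Server side: accept the current step and +/- window neighbours to tolerate
    clock drift. A captured code is therefore useful only inside that window."""
    counter = int(unix_time) // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d, digits), code)
        for d in range(-window, window + 1)
    )


def new_challenge():
    """Asynchronous token, server side: a fresh random challenge for every login."""
    return secrets.token_hex(8)


def token_response(secret, challenge):
    """Asynchronous token, device side: response derived from challenge and secret
    (HMAC-SHA256 truncated to 8 hex digits; an assumed scheme for illustration)."""
    return hmac.new(secret, challenge.encode(), hashlib.sha256).hexdigest()[:8]


def verify_response(secret, challenge, response):
    """Server side: recompute and compare in constant time. Because a challenge is
    never reused, a response replayed from an earlier login does not verify."""
    return hmac.compare_digest(token_response(secret, challenge), response)


if __name__ == "__main__":
    seed = b"12345678901234567890"          # RFC 6238 test-vector seed
    print(totp(seed, 59, digits=8))         # RFC 6238 vector: 94287082
    chal = new_challenge()
    resp = token_response(seed, chal)
    print(verify_response(seed, chal, resp), verify_response(seed, new_challenge(), resp))
```

The two designs fail differently: a synchronous token's code is replayable for the length of the acceptance window and breaks when clocks drift beyond it, while an asynchronous token needs no clock but requires the server to generate and track an unpredictable challenge per login.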


When the IDPS detects attackers, which system seamlessly transfers them to a special environment where they can cause no harm, hence the name padded cell?

A padded cell. When the IDPS detects attackers, it seamlessly transfers them to a special simulated environment where they can cause no harm; the nature of this host environment is what gives the approach its name, padded cell.

What is a fully distributed control strategy?

Fully Distributed Control Strategy. As presented in Figure 7-5, a fully distributed IDS control strategy is the opposite of the centralized strategy. Note in the figure that all control functions (which appear as small square symbols enclosing a computer icon) are applied at the physical location of each IDS component.

Which kind of IDPS examines traffic flow on a network in an attempt to recognize abnormal patterns?

A network behavior analysis (NBA) system analyzes network traffic to detect unusual traffic flows, which can reveal new malware (for example worm propagation or DDoS traffic) or zero-day attacks for which no signature exists yet. By contrast, a wireless intrusion prevention system (WIPS) monitors a Wi-Fi network for unauthorized access and can remove unauthorized devices from the network.
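Added example (not part of the original study set) of the flow-based anomaly detection described in this answer and in the Statistical anomaly-based IDPS and Clipping level entries of the table above. The flow records, the two baseline hosts and the metric (distinct destination/port pairs a source touches per minute) are all constructed for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def fanout_per_minute(flows):
    """Metric: distinct (destination, port) pairs each source touches per minute.
    flows are (minute, source, destination, destination port) tuples.
    Returns {(source, minute): count}."""
    seen = defaultdict(set)
    for minute, src, dst, dport in flows:
        seen[(src, minute)].add((dst, dport))
    return {key: len(pairs) for key, pairs in seen.items()}


def clipping_level(normal_flows, k=3.0):
    """Baseline from traffic known to be normal: mean + k standard deviations
    of the metric. Activity above this level is treated as suspect."""
    values = list(fanout_per_minute(normal_flows).values())
    return mean(values) + k * pstdev(values)


def detect(normal_flows, observed_flows, k=3.0):
    """Return (clipping level, sorted alerts of (source, minute, count))."""
    level = clipping_level(normal_flows, k)
    alerts = sorted(
        (src, minute, count)
        for (src, minute), count in fanout_per_minute(observed_flows).items()
        if count > level
    )
    return level, alerts


# Constructed training window: 10 minutes, two workstations, HTTPS to a few servers.
NORMAL = [
    (m, src, f"10.0.1.{i}", 443)
    for src, per_minute in (
        ("10.0.0.5", [4, 5, 6, 5, 4, 6, 5, 5, 4, 6]),
        ("10.0.0.6", [3, 4, 4, 5, 3, 4, 4, 5, 3, 5]),
    )
    for m, n in enumerate(per_minute)
    for i in range(n)
]

# Constructed observation window: normal browsing, a port sweep from a host with
# no history, and the known workstation suddenly fanning out to many hosts on 445.
OBSERVED = (
    [(0, "10.0.0.5", f"10.0.1.{i}", 443) for i in range(6)]
    + [(0, "10.0.0.77", "10.0.1.1", p) for p in range(1, 41)]
    + [(1, "10.0.0.5", f"10.0.2.{i}", 445) for i in range(12)]
)

if __name__ == "__main__":
    level, alerts = detect(NORMAL, OBSERVED)
    print(f"clipping level = {level:.2f} distinct targets per minute")
    for src, minute, count in alerts:
        print(f"ALERT minute {minute}: {src} reached {count} targets")
    # Caveat: an attacker who probes slowly enough to stay under the level, or who
    # is already active while the baseline is collected, shapes "normal" so that
    # the attack is never a deviation.
```

With the constructed baseline the clipping level works out to about 7.3 targets per minute, so the 40-port sweep and the 12-host fan-out are flagged while the workstation's 6 ordinary connections are not; note that the detector needs no signature for either attack, but also cannot say what the flagged traffic is, which is why NBA and signature detection are normally used together.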

What is the process of adjusting IDPS to maximize its efficiency in detecting true positives while minimizing both false positives and false negatives?

Tuning (sometimes informally called tweaking) is the process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives.
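Added example (not part of the original study set) that serves two entries: the false reject rate, false accept rate and crossover error rate defined in the table above, and the tuning trade-off in this last answer. It sweeps an acceptance threshold over constructed matcher scores for a hypothetical biometric device; the score values are illustrative, not measurements from any product.

```python
# Similarity scores (0-100) from a hypothetical biometric matcher, constructed here:
GENUINE = [62, 70, 75, 78, 80, 83, 85, 88, 90, 95]   # enrolled users against their own template
IMPOSTOR = [20, 30, 40, 45, 50, 55, 60, 65, 72, 80]  # other people against that template


def error_rates(genuine, impostor, threshold):
    """A sample is accepted when score >= threshold.
    FRR = share of authorized users rejected; FAR = share of impostors accepted."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover(genuine, impostor, thresholds=range(0, 101)):
    """Sweep thresholds and return (threshold, frr, far) where FRR and FAR are
    closest to equal: the crossover (equal) error rate. Ties resolve to the
    lowest threshold."""
    best = None
    for t in thresholds:
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, frr, far)
    _gap, t, frr, far = best
    return t, frr, far


def tune(genuine, impostor, max_far, thresholds=range(0, 101)):
    """Tuning for a high-security area: the lowest threshold whose FAR does not
    exceed max_far, accepting whatever FRR that implies (the same trade-off an
    IDPS threshold makes between false positives and false negatives).
    Returns (threshold, frr, far), or None if no threshold meets the bound."""
    for t in thresholds:
        frr, far = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, frr, far
    return None


if __name__ == "__main__":
    t, frr, far = crossover(GENUINE, IMPOSTOR)
    print(f"CER at threshold {t}: FRR={frr:.0%} FAR={far:.0%}")
    print("FAR of 0 requires", tune(GENUINE, IMPOSTOR, 0.0))
```

On the constructed scores the crossover lands at a threshold of 71 with FRR and FAR both at 20%; demanding a zero false accept rate pushes the threshold to 81 and rejects half of the legitimate users, which is the cost side of tuning that the CER figure alone hides.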