What are IDPSs? List and describe the three control strategies proposed for IDPSs.
Chapter 7 Review Questions/Answers
An IDPS is most like a home burglar’s alarm. There is a specific set of instructions on an IDPS that tells it to detect and prevent an outside attack.
A false positive alarm is when an IDPS reacts to a threat that did not happen, while a false negative alarm is when an IDPS fails to react to an actual threat or attack. A false positive is least desirable because it makes system administrators less sensitive, and they might not respond to an actual threat.
A network-based IDPS protects a whole network, while a host-based IDPS protects a computer or any other specific host.
A signature-based IDPS is one that is able to correspond to already established threats stored in a database, while a behavior-based IDPS makes a decision about a threat based on a combination of instructions in its database.
It is a data port or a device that has the capability to capture and replicate from the switching device that it is attached to. It stores data for IDPS to analyze.
Three strategies are centralized, partially distributed and fully distributed IDPS controls.
Honeypots are systems that are used to protect critical systems. They function as decoy systems and divert threats towards themselves and away from the critical systems. A combination of honeypots can be called a honeynet.
Padded cell system is an improved and more secure honeypot that cannot be easily broken by external threats.
The strategy in which an organized effort is made to locate the internet addresses or domains owned/controlled by an organization. Fingerprinting is the next stage of footprinting in which the resources and addresses of the target organization are ascertained.
Port scanning could be done by attackers to prepare their attacks on the organizational networks. Organizations ban port scanning because ISPs do not take responsibility for any attacks that are done via port scanning.
ISPs ban outbound port scanning because this may be done to prepare attacks which might cause legal difficulties for the ISP.
An open port is a TCP port that accepts traffic and provides different services at its port address. Ports should not be left poorly configured and should be used only when necessary.
This is a form of a software application that is utilized to check and monitor network ports that are kept open for different services.
An active scanner has the capacity to initiate network traffic while a passive scanner utilizes traffic that is already in action.
It can be used to collect and monitor the packets that travel over a network. It will show encryptions and also text transmission to the administrator of a network.
It must be capable of scanning wireless hosts and manage the privacy and confidentiality that the wireless network allows.
It is a form of identification that uses one or more physical human attributes to confirm security clearance. The term biometric means to measure the physical characteristics of a person.
Which are the most reliable? Definitely, some biometric recognitions are more reliable than others. The most commonly used are retina and fingerprint identifications.
False reject rate is the percentage with which authentic users are denied access, while false acceptance rate is the percentage with which non-authentic users are identified as authentic. Crossover error rate is the value of false rejection rate and false acceptance rate at which the system sensitivity is configured.
Signatures are stored in a database and compared when required, and they are the most widely used biometric authentication technology in the world.
Iris recognition is the most effective biometric authentication technology. Iris is a human physical characteristic that has the most unique patterns from person to person.
What are the three basic control strategies? The three commonly utilized control strategies are centralized, partially distributed, and fully distributed.
What are the IDPS control strategies? IDPS control strategies include the centralized, fully distributed and partially distributed control strategies, which are different methods of deployment. In all circumstances, designers have to select a deployment strategy based on a careful analysis of IT infrastructure requirements.
What is centralized control strategy as in IDPS? Centralized IDPS control strategy: It is an approach where all the control functions are implemented and managed at a central location.
What common security system is an IDPS most like? In what ways are these systems similar? An IDS (Intrusion Detection System) works like a burglar alarm in that it detects a violation of its configuration and activates an alarm. This alarm can be audible and/or visual, or it can be silent.