ISA3060-01-Chapter7

35 terms by cfarsee 


Security Technology: Intrusion Detection and Prevention Systems, and Other Tools

Intrusion

Attempted entry into or disruption of normal operations of an information system.

Intrusion Detection Systems

AKA IDS. Consist of procedures and systems that identify system intrusions.

Intrusion Prevention Systems

AKA IPS. Activities that prevent an intrusion.

Intrusion Reaction

Actions an organization takes when an intrusion is detected.

Intrusion Correction

Activities that finalize the restoration of operations to a normal state as quickly as possible.

Intrusion Detection and Prevention Systems

AKA IDPS. Generally used to describe current anti-intrusion technologies.

Alert or Alarm

Indication that a system has just been attacked or is under attack.

Evasion

Process by which attackers change the format and/or timing of their activities in order to avoid detection by the IDPS.

False Attack Stimulus

Event that triggers alarm when no actual attack is in progress.

False Negative

Failure of an IDPS to react to an actual attack event.

False Positive

Alert or alarm that occurs in the absence of an actual attack.

Noise

Alarm events that are accurate and noteworthy but do not pose significant threats to information security.

Site Policy

Rules and configuration guidelines governing the implementation and operation of IDPS within an organization.

Site Policy Awareness

An IDPS's ability to dynamically modify its configuration in response to environmental activity.

True Attack Stimulus

Event that triggers alarms and causes an IDPS to react as if a real attack is in progress.

Tuning

Process of adjusting an IDPS to maximize its efficiency in detecting true positives, while minimizing false positives and false negatives.

Confidence Value

Measure of an IDPS's ability to correctly detect and identify certain types of attacks.

Alarm Filtering

Process of classifying IDPS alerts so they can be more effectively managed.

Alarm Clustering and Compaction

Process of grouping almost identical alarms that happen at close to the same time into a single higher-level alarm.

Confidence Value

Based on fuzzy logic, experience, and past performance measurement, helps an administrator determine how likely it is that an IDPS alert or alarm indicates an actual attack is in progress.

Doorknob Rattling

Process of initially estimating the defensive state of an organization's networks and systems.

Footprinting

Activities that gather information about the organization and its network activities.

Fingerprinting

Activities that scan network locales for active systems and then identify the network services offered by the host systems.

IDS/IPS Technologies Difference

IPS can respond to a detected threat by attempting to prevent it from succeeding.

IDPS Operate As

Network-based or host-based systems.

IDPS Network Systems

Focus on protecting network information assets.

IDPS Host-Based Systems

Protects the server or host's information assets.

NB IDPS Systems

AKA Network Behavior Analysis Systems. Examine network traffic in order to identify problems related to the flow of traffic, e.g., excessive packet flows that might occur as the result of DoS attacks, virus and worm attacks, and some forms of network policy violations. These systems reside on network segments and monitor traffic across those segments.

Wireless NIDPS

Systems that monitor and analyze wireless network traffic.

Host-based IDPS

AKA System Integrity Verifiers. Resides on a particular host computer or host server and monitors activity only on that system.

Signature-based IDPS

AKA Knowledge-based or Misuse-detection IDPS. Examines network traffic in search of patterns that match known signatures.

Statistical-anomaly-based IDPS

AKA Behavior-based IDPS. Collects statistical summaries by observing traffic that is known to be normal.

Stateful Protocol Analysis IDPS

Process of comparing predetermined profiles that specify how particular protocols should and should not be used.

Clipping Level

Level at which measured activity is outside of or exceeds the baseline parameters.

Log File Monitor IDPS

Similar to a NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs, looking for patterns and signatures that may indicate an attack or intrusion is in process or may have already occurred.
