Chapter 13 Network Security

45 terms by sofladude77 


intrusion

occurs when attacker attempts to gain entry or disrupt normal operations of information systems, almost always with intent to do harm

intrusion detection

consists of procedures and systems that identify system intrusions

intrusion reaction

encompasses actions an organization takes when intrusion is detected

intrusion prevention

consists of activities that deter intrusion

intrusion correction

activities finalize restoration of operations to a normal state and seek to identify source and method of intrusion to ensure same type of attack cannot occur again

intrusion detection system (IDS)

device similar to a burglar alarm in that it detects a violation and activates an alarm.

intrusion prevention system (IPS)

device that can detect intrusion and launch an active response

intrusion detection/prevention system (IDPS)

term that describes current anti-intrusion technologies

alert or alarm

indication a system has just been attacked or is under attack

evasion

process by which attacker changes the format and/or timing of their activities to avoid being detected by the IDPS

false attack stimulus

event that triggers alarm when no actual attack is in progress

false negative

failure of an IDPS to react to an actual attack event

false positive

alert or alarm that occurs in the absence of an actual attack

noise

accurate alarm events that do not pose significant threat to information security

site policy

rules and configuration guidelines governing implementation and operation of IDPSs within an organization

site policy awareness

IDPS's ability to dynamically modify its configuration in response to environmental activity

true attack stimulus

event that triggers alarms and causes an IDPS to react as if a real attack is in progress

tuning

process of adjusting IDPS to maximize efficiency in detecting true positives, while minimizing false positives and false negatives

confidence value

value placed upon an IDPS's ability to detect/identify certain attacks correctly

alarm filtering

running system for a while to track types of false positives it generates and then adjusting IDPS alarm classifications

alarm clustering and compaction

process of grouping almost identical alarms occurring at almost same time into single higher-level alarm

fingerprinting

a systematic survey of all of the target organization's Internet addresses that is conducted to identify network services offered by hosts in that range

footprinting

the organized research of the Internet addresses owned or controlled by a target organization.

network-based IDPS (NIDPS)

these reside on a computer or appliance connected to network segment and monitor network traffic

monitoring port (SPAN port)

a specially configured connection on a network device that is capable of viewing all the traffic that moves through the entire device.

protocol stack verification

process in which an NIDPS looks for invalid data packets - packets that are malformed under the rules of the TCP/IP protocol

application protocol verification

process in which an NIDPS examines the higher-order protocols (HTTP, FTP, Telnet) for unexpected packet behavior or improper use

Network Behavior Analysis

NIDPS system that examines network traffic in order to identify problems related to the flow of traffic. Most sensors are passive mode deployment only.

inline sensor

type of sensor deployed in such a way that the network traffic it is monitoring must pass through it.

host-based IDPS (HIDPS)

an IDPS that resides on particular computer or server (the host) and monitors activity only on that system. Also known as system integrity verifiers.

signature-based (knowledge-based, misuse-detection) IDPS

IDPS that examines network traffic in search of patterns that match known signatures

statistical anomaly-based (stat, behavior-based) IDPS

IDPS that compares sampled network activity to established baseline

stateful protocol analysis (SPA) IDPS

IDPS that uses profiles to detect anomalous protocol behavior

log file monitor (LFM) IDPS

IDPS that reviews log files from servers, network devices, and other IDPSs for signatures indicating an attack or intrusion

IDPS terrorist

attacker who utilizes tactics designed to trip the organization's IDPS, essentially causing the organization to conduct its own DoS attack, by overreacting to an actual, but insignificant, attack.

centralized control strategy

strategy in which all IDPS control functions are implemented and managed in a central location

fully distributed control strategy

strategy in which all control functions are applied at the physical location of each IDPS component

partially distributed control strategy

strategy that combines the best of the other two strategies; while individual agents still analyze and respond to local threats, their reporting to a hierarchical central facility enables the organization to detect widespread attacks

honey pot

decoy systems designed to lure potential attackers away from critical systems

honey net

collection of honey pots connecting several honey pot systems on a subnet

padded cell

honey pot that has been protected so it cannot be easily compromised—in other words, a hardened honey pot

trap and trace

a combination of techniques used to detect an intrusion and then to trace it back to its source

back hack

the act of hacking into a hacker's system to find out as much as possible about the hacker

enticement

the process of attracting attention to a system by placing tantalizing information in key locations.

entrapment

the action of luring an individual into committing a crime.
