18 terms

Principles of Information Security, 4th Ed., Chapter 7

Whitman and Mattord
___ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
NIDPSs
___ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
SPAN
Most NBA sensors can be deployed in ___ mode only, using the same connection methods as network-based IDPSs.
passive
___ are decoy systems designed to lure potential attackers away from critical systems.
Honeypots
___ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
Inline
A ___ is a network tool that collects copies of packets from the network and analyzes them.
packet sniffer
___ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
Fuzz
Using ___, the system reviews the log files generated by servers, network devices, and even other IDPSs.
LFM (log file monitor)
A(n) ___ is a proposed systems user.
supplicant
The port commonly used for the HTTP protocol:
80
A(n) ___ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
IDS
___ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
Biometric access control
In TCP/IP networking, port ___ is not used.
0 (zero)
___ is the process of classifying IDPS alerts so that they can be more effectively managed.
Alarm filtering
___ is an event that triggers an alarm when no actual attack is in progress.
False attack stimulus
___ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
HIDPSs
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ___ in their knowledge base.
signatures
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ___.
fingerprinting