18 terms

Principles of Information Security, 4th Ed., Chapter 7

Whitman and Mattord
___ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
___ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
Most NBA sensors can be deployed in ___ mode only, using the same connection methods as network-based IDPSs.
___ are decoy systems designed to lure potential attackers away from critical systems.
___ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
A ___ is a network tool that collects copies of packets from the network and analyzes them.
packet sniffer
___ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
Using ___, the system reviews the log files generated by servers, network devices, and even other IDPSs.
LFM (log file monitor)
A(n) ___ is a proposed systems user.
The port commonly used for the HTTP protocol:
A(n) ___ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
___ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
Biometric access control
In TCP/IP networking, port ___ is not used.
0 (zero)
___ is the process of classifying IDPS alerts so that they can be more effectively managed.
Alarm filtering
___ is an event that triggers an alarm when no actual attack is in progress.
False attack stimulus
___ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ___ in their knowledge base.
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ___.