Terms in this set (32)
What does IDS stand for?
Intrusion Detection System
What does IPS stand for?
Intrusion Prevention System
What is NIDS?
Network-based IDS
What is HIDS?
What is the difference between a firewall scan and an IDS/IPS scan?
Firewalls scan header information; IDS/IPS scan the entire packet.
What are the two categories for IDS/IPS implementations?
Network-based and host-based
The three analysis methods we learned about are:
Signature-based, behavior-based, and anomaly-based
The signature-based analysis method
The behavior-based analysis method is based on
known good training data
The anomaly-based analysis method is based on the likelihood that
an event shouldn't be happening
Use _______ to download the Snort installer from the website.
What must you have before engaging in pen-testing engagements?
What two hashing algorithms are considered broken?
MD5 and SHA-1
What is broken about the MD5 and SHA-1 algorithms?
Name two modern pentesting distros (Linux).
Parrotsec and Kali
Denial of Service
What does the 1st D stand for in DDoS?
What is an easy-to-use DDoS tool that Anonymous used?
Low Orbit Ion Cannon
Having a properly working IDS is all about having
Good rules in place
What you do in iptables is the same as what you do in IDS tables: each time one of these systems queries through the _______, it has excess property, excess memory, and excess drive utilization. A good system is one that has as few rules in place as will effect the changes that you make.
A _______ looks only at the header information. An IDS looks at the entire packet.
A firewall looks only at the _______ information. An IDS looks at the entire packet.
A firewall looks only at the header information. An _______ looks at the entire packet.
A firewall looks only at the header information. An IDS looks at the entire _______.
What is the most influential IDS currently in development?
_________ has the ability to detect specific protocols declared by the rule writer.
__________ attacks use a methodology similar to the SYN flood attack.
__________ scans are used to discover live systems on a network.
________ to get in the "middle of traffic" so you can intercept it.
____________ botnet is a self-propagating botnet virus.