ITIS 3200: Network Security (IDS)

30 Terms

1

Intrusion

Actions aimed at compromising the security of the target (CIA goals of computing/network resources)

2

Intrusion Detection

The identification (through intrusion signatures) and reporting of intrusion activities

3

Intrusion Prevention

The process of both detecting and managing intrusion activities throughout the network

4

IDS Components

IDS Manager that compiles data from sensors to determine intrusion.

Site policies: rules and conditions that define probable intrusions

If intrusion is detected, an alarm is sounded.

5

Masquerader

An attacker who uses the identity of a legitimate user to gain access

6

Misfeasor

A legitimate user performing actions they are not authorized to perform

7

Clandestine User

A user who tries to block or cover up actions by deleting audit files and syslogs

8

Port Scans

Information gathering intended to determine the open TCP ports on a host

9

DoS Attacks

Network attacks meant to overwhelm a host and shut down legitimate access

10

Malware Attacks

Replicating malicious software attacks: Trojan horses, computer worms, viruses, etc.

11

ARP Spoofing

An attempt to redirect IP traffic in a local-area network

12

DNS Cache Poisoning

A pharming attack that changes a host's DNS cache to a falsified domain name or IP address

13

False Negative

Attack, no alarm

14

True Negative

No attack, no alarm

15

True Positive

Attack, alarm

16

False Positive

No attack, alarm

17

Base-Rate Fallacy

The effectiveness of IDSs can be misinterpreted due to a statistical misconception. It occurs when the probability of some conditional event is assessed without considering the 'base rate' of that event.

18

Six fields to be included in IDS event records:

Subject, Object, Action, Exception-Condition, Resource-Usage, Time-Stamp

19

Subject

The initiator of an action on the target

20

Object

The resource being targeted

21

Action

The operation being performed by the subject on the object

22

Exception-Condition

Any error message/exception condition that was raised by the action

23

Resource-Usage

Quantitative items that were expended by the system performing/responding to the action

24

Time-Stamp

Unique identifier for the moment the attack was initiated

25

Rule-Based IDS

Rules identify actions that match known profiles of intrusions. The rules encode signatures.

26

Statistical IDS

A profile is built to determine whether a user/host is acting unusually, and thresholds are created

27

Network-based IDS

Sits at the perimeter of a network and performs deep packet inspection

28

Host-based IDS

Resides on a single system to monitor activity

29

NMAP

Network scanning tool used to identify hosts and open services vulnerable to attacks.

30

Snort

Network-based IDS using a license for its detection rules. Paid via subscription fees. Runs on Linux and BSD.