A comprehensive set of flashcards covering vocabulary and key concepts from the Cybersecurity Curriculum focused on Intrusion-Detection Systems.
Intrusion-Detection Systems (IDS)
Systems that enable administrators and analysts to detect possible attacks on the network.
Honeypot
A decoy system with no production role, set up to look like an important server so that attackers reveal themselves by probing it; because no legitimate user should touch it, any traffic to it is suspect and can be logged and tracked.
Preemptive Blocking
Also called banishment vigilance: the IDS watches for the warning signs of an impending intrusion (for example a port scan) and blocks the source address before the attack proper begins. Because the block is based on a guess about intent, it is susceptible to false positives and may cut off legitimate traffic.
Anomaly Detection
Flags activity that deviates from an established baseline of normal behavior; the anomalous events are written to logs for later analysis. Threshold monitoring, resource profiling, user/group work profiling, and executable profiling are all anomaly-detection techniques.
Threshold Monitoring
Sets a numeric limit on acceptable behavior (for example, failed logins per minute or connections per second) and alerts when the limit is exceeded. Simple to implement, but a limit set too low produces false positives and one set too high produces false negatives.
Resource Profiling
Measures system-wide resource use (CPU, memory, disk, bandwidth) over time to build a historical usage profile, so that a sudden deviation from that profile stands out as a possible intrusion.
User/Group Work Profiling
Records the typical activities of each user or group (working hours, commands, systems and data accessed) so that behavior outside the stored profile can be flagged as suspect. Works poorly with a dynamic user base, where profiles never stabilize.
Executable Profiling
Records how each program normally uses system resources (files, network connections, processes it spawns) so that a program behaving unusually, which may indicate malware or a tampered binary, can be flagged.
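The four profiling cards above describe anomaly detection in prose; the following added example (not part of the flashcard set) shows two of them working together over a constructed log. A baseline log is used to learn each user's normal hours and event types (user work profiling); a new log is then checked against a failed-login limit in a sliding time window (threshold monitoring) and against each user's profile. The log format, user names, events and the threshold values are assumptions made for this example.

```python
"""Anomaly detection by threshold monitoring and user/group work profiling.

Added example, not from the flashcard set: a toy analyzer that learns each
user's normal hours and event types from a baseline log, then flags events
in a new log that exceed a failed-login threshold or fall outside the
user's profile. The log format, user names and thresholds are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed baseline (historical) log in the assumed format
# "<ISO timestamp> <user> <event>", used to build the behavioral profiles.
BASELINE_LOG = """\
2024-03-01T09:02:11 alice login_ok
2024-03-01T09:15:40 alice run_report
2024-03-01T16:40:02 alice logout
2024-03-01T08:55:19 bob login_ok
2024-03-01T13:22:07 bob edit_ticket
2024-03-01T17:01:48 bob logout
2024-03-02T09:10:00 alice login_ok
2024-03-02T11:20:33 alice run_report
2024-03-02T08:58:12 bob login_ok
2024-03-02T14:05:41 bob edit_ticket
"""

# Constructed log under analysis: alice behaves normally, bob shows a burst of
# failed logins at 02:15 followed by an action he never performed before, and
# carol is a new user with no profile (the dynamic-user-base problem).
NEW_LOG = """\
2024-03-04T09:02:11 alice login_ok
2024-03-04T09:15:40 alice run_report
2024-03-04T02:14:55 bob login_fail
2024-03-04T02:15:01 bob login_fail
2024-03-04T02:15:06 bob login_fail
2024-03-04T02:15:12 bob login_fail
2024-03-04T02:15:20 bob login_ok
2024-03-04T02:16:02 bob dump_database
2024-03-04T10:30:00 carol login_ok
"""

FAIL_THRESHOLD = 3        # assumed: more than 3 failed logins ...
FAIL_WINDOW_SECONDS = 60  # ... within 60 seconds trips the threshold


def parse_log(text):
    """Parse the assumed log format into (timestamp, user, event) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, event = line.split()
        events.append((datetime.fromisoformat(ts), user, event))
    return events


def build_profiles(events):
    """User work profiling: the hours of day and event types seen per user."""
    profiles = defaultdict(lambda: {"hours": set(), "events": set()})
    for ts, user, event in events:
        profiles[user]["hours"].add(ts.hour)
        profiles[user]["events"].add(event)
    return dict(profiles)


def detect(events, profiles):
    """Return deduplicated (user, method, detail) alerts for a log."""
    alerts, seen = [], set()
    recent_fails = defaultdict(deque)   # per-user sliding window of failures

    def emit(user, method, detail):
        if (user, method, detail) not in seen:
            seen.add((user, method, detail))
            alerts.append((user, method, detail))

    for ts, user, event in sorted(events):
        # Threshold monitoring: count failed logins inside a sliding time window.
        if event == "login_fail":
            window = recent_fails[user]
            window.append(ts)
            while (ts - window[0]).total_seconds() > FAIL_WINDOW_SECONDS:
                window.popleft()
            if len(window) > FAIL_THRESHOLD:
                emit(user, "threshold",
                     f"{len(window)} failed logins within {FAIL_WINDOW_SECONDS}s")

        # User work profiling: compare the event against the learned profile.
        profile = profiles.get(user)
        if profile is None:
            emit(user, "profile", "no historical profile (new or dynamic user)")
            continue
        if ts.hour not in profile["hours"]:
            emit(user, "profile", f"activity at hour {ts.hour:02d} outside usual hours")
        if event not in profile["events"]:
            emit(user, "profile", f"unusual event type {event!r}")
    return alerts


if __name__ == "__main__":
    learned = build_profiles(parse_log(BASELINE_LOG))
    for alert in detect(parse_log(NEW_LOG), learned):
        print(alert)
```

Run as written, alice produces no alerts, bob trips the threshold on his fourth failure and is flagged twice more for off-hours activity and the unseen `dump_database` event, and carol is reported as having no profile at all: with a dynamic user base the analyst has to decide whether "unknown user" is itself an alert or simply noise, which is exactly the false-positive trade-off the profiling cards describe.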
IDS Components
Includes sensors, analyzers, alerts, and operators involved in intrusion detection.
Passive IDS vs Active IPS
A passive IDS detects and logs suspicious activity and alerts an operator, who decides what to do; an active IPS sits inline on the traffic path and takes action itself, such as dropping packets or blocking the source, to stop an attack in progress.
Snort
An open-source network IDS/IPS that runs on multiple platforms and operates in three modes: sniffer, packet logger, and network intrusion detection.
Sniffer Mode
Reads network packets off the wire and displays them continuously on the console, for live monitoring rather than storage.
Packet Logger Mode
Logs packets to disk for analysis at a later time.
Network Intrusion Detection System (NIDS)
An IDS that monitors traffic on a network segment (as opposed to a host-based IDS watching a single machine). As Snort's third mode, it analyzes network traffic against a configured rule set and alerts or logs when a packet matches a rule.
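To make the three Snort modes on the cards above concrete, here is an added example that is not Snort's own code: a toy program that parses a small subset of Snort's rule syntax (the rule header plus the `msg`, `content` and `sid` options, `->` direction only) and runs constructed packets through it in sniffer, packet-logger and NIDS mode. The packets, the rules and the value of `$HOME_NET` are constructed for this example; real Snort rules carry many more options and modifiers than this matcher understands.

```python
"""Snort's three operating modes, illustrated over constructed packets.

Added example, not Snort's own code: a minimal matcher for a small subset of
Snort's rule syntax (header plus msg/content/sid options, '->' only). The
packets, rules and $HOME_NET value are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    options: dict = field(default_factory=dict)


# Constructed traffic: a Telnet login, an outbound TLS handshake start, a DNS
# query to an internal resolver, and an HTTP request for /admin.
PACKETS = [
    Packet("tcp", "203.0.113.9", 51515, "192.168.1.10", 23, b"login: root\r\n"),
    Packet("tcp", "192.168.1.20", 44000, "198.51.100.5", 443, b"\x16\x03\x01\x00\x50"),
    Packet("udp", "203.0.113.9", 53000, "192.168.1.10", 53, b"\x12\x34\x01\x00\x00\x01"),
    Packet("tcp", "203.0.113.9", 51516, "192.168.1.10", 80, b"GET /admin HTTP/1.1\r\n"),
]

# Assumed variable values; in Snort these come from the configuration (ipvar).
VARIABLES = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "any"}

# Constructed rules in Snort syntax: action proto src sport -> dst dport (options)
RULES_TEXT = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET root login attempt"; content:"root"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"HTTP request for /admin"; content:"/admin"; sid:1000002; rev:1;)
log udp any any -> $HOME_NET 53 (msg:"DNS query to internal resolver"; sid:1000003; rev:1;)
"""

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
OPTION_RE = re.compile(r'(\w+)\s*:\s*("[^"]*"|[^;]*)\s*;')


def parse_rules(text):
    """Parse the supported subset of Snort rule syntax into Rule objects."""
    rules = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line}")
        action, proto, src, sport, dst, dport, opts = m.groups()
        options = {k: v.strip('"') for k, v in OPTION_RE.findall(opts)}
        rules.append(Rule(action, proto, VARIABLES.get(src, src), sport,
                          VARIABLES.get(dst, dst), dport, options))
    return rules


def _ip_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    return spec == "any" or int(spec) == port


def matches(rule, pkt):
    """True when the packet satisfies the rule header and its content option."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if not (_ip_matches(rule.src, pkt.src) and _port_matches(rule.sport, pkt.sport)
            and _ip_matches(rule.dst, pkt.dst) and _port_matches(rule.dport, pkt.dport)):
        return False
    content = rule.options.get("content")
    return content is None or content.encode() in pkt.payload


def sniffer_mode(packets):
    """Sniffer mode (snort -v): one summary line per packet for live display."""
    return [f"{p.proto.upper()} {p.src}:{p.sport} -> {p.dst}:{p.dport} len={len(p.payload)}"
            for p in packets]


def packet_logger_mode(packets):
    """Packet logger mode (snort -l <dir>): keep whole packets for later analysis."""
    return [{"summary": s, "payload_hex": p.payload.hex()}
            for s, p in zip(sniffer_mode(packets), packets)]


def nids_mode(packets, rules):
    """NIDS mode: run each packet through the rule set. 'alert' rules alert and
    log; 'log' rules only log. Returns (alerts, logged) as (sid, msg, flow)."""
    alerts, logged = [], []
    for pkt in packets:
        for rule in rules:
            if matches(rule, pkt):
                entry = (rule.options["sid"], rule.options["msg"],
                         f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
                if rule.action == "alert":
                    alerts.append(entry)
                logged.append(entry)
    return alerts, logged
```

The Telnet and `/admin` packets raise alerts, the DNS query is only logged, and the outbound TLS connection matches nothing because its destination is outside `$HOME_NET`. Note that the `content` check is a plain case-sensitive byte match, so `ROOT` would slip past rule 1000001: that is the false-negative side of signature matching, and it is why real Snort rules pair `content` with modifiers such as `nocase`.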
Cisco IDS Models
Includes Cisco IDS 4200 Series Sensors and the Next-Generation IPS Solution.
Specter
A commercial software honeypot that simulates a server by emulating a variety of network services, recording everything an attacker does against them.
Open Mode (Honeypot)
Behaves like a badly configured server to attract potential hackers.
Secure Mode (Honeypot)
Acts like a well-configured, secure server, so that only attackers who probe it anyway are recorded; lower risk than Open Mode, but it attracts less activity.
False Positives
Instances where legitimate activity is mistakenly identified as a threat.
Alert
Notification sent to administrators when suspicious activity is detected.
Monitoring
The process of observing and analyzing network activities to detect intrusions.
Heuristic Approach
Identifying threats by rules of thumb and patterns learned from previously seen activity, rather than by exact signatures alone; this lets an IDS catch new or variant attacks at the cost of more false positives.
Firewall Integration
Intrusion-detection systems should be used in conjunction with firewalls for effective security.
Dynamic User Base
A changing group of users that can complicate user profiling in anomaly detection.
Historical Usage Profile
A record of normal resource use that helps identify abnormal activity.
Illicit Activity
Unauthorized or illegal actions potentially detected through anomaly detection.
Behavioral Profiles
Profiles that represent normal behavior patterns of users or groups.
Event Notification
The process of informing operators about detected incidents or anomalies.
Network Traffic Analysis
The examination of data traveling across the network to identify potential threats.
Emulate Services (Honeypot)
To replicate real server services to entice hackers into engaging with the honeypot.
Security Information and Event Management (SIEM)
A platform that collects logs and alerts from IDS sensors, firewalls, and hosts, correlates them, and supports analysis and response from one console.
Banishment Vigilance
Another name for preemptive blocking: watching for the danger signs of an impending intrusion and blocking the offending source before the attack occurs.
False Negatives
Instances where actual threats are not detected or acknowledged.
Packet Contents Analysis
Reviewing the information contained in network packets for anomalies.
Protective Measures
Strategies and tools used to safeguard networks from intrusions.