CYB236 Chapter 7: Intrusion Detection Systems

Questions and Answers

What is a consequence of an unattended workstation being used by an intruder?

• Consumption of resources and slowed performance (correct)
• Patch installation for known vulnerabilities
• Enhanced security measures
• Legitimate users being prevented from using a service

What is the primary motivation of hackers?

• Political activism
• Thrisk of access and/or status (correct)
• Financial gain
• Revenge against a company

What is the goal of a Denial of Service (DOS) attack?

• To spread malware
• To steal sensitive data
• To prevent legitimate users of a service from using that service (correct)
• To install backdoors

What is an intrusion defined as?

Any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource (B)

What is a Masquerader?

An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account (D)

What is an example of a malicious user using a fake IP address?

Address spoofing (D)

What is a Clandestine user?

An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection (C)

What is the purpose of an Intrusion Prevention System (IPS)?

To detect intrusions (C)

What is a Misfeasor?

A legitimate user who accesses data, programs, or resources for which such access is not authorized (B)

What is an example of a type of malicious software?

Virus (A)

What is a reason why an unsecured modem can be a security risk?

It can be used to access internal networks (D)

What is an Insider attack?

An attack by a person with authorized access to the system (B)

What is a Cracker?

Malicious software that attacks a system (A)

What is the term for organized groups of hackers?

Criminal hackers (D)

What is a type of Insider attack?

All of the above (D)

What is a common target of criminal hackers on e-commerce servers?

Credit card files (D)

What is a Hacker?

A person who attacks a system via communication links (B)

Why are insider attacks particularly challenging to detect and prevent?

Because employees have access and knowledge of systems (C)

What can be used to detect and prevent insider attacks?

IDS / IPS systems, enforcement of least privilege, monitoring of logs, and strong authentication (B)

What motivates insiders to carry out attacks?

Revenge or entitlement (B)

What should sensitive data be protected with?

Encryption (B)

What is a security incident where an intruder gains unauthorized access to a system?

Security intrusion (A)

What is a common characteristic of criminal hackers?

They act quickly once they penetrate a system (B)

Why are IDS / IPS systems less effective against criminal hackers?

They are less effective against targeted attacks (B)

What is the primary purpose of an Intrusion Detection System?

To detect and provide warnings of unauthorized access attempts (A)

What is the primary function of a Sensor in an IDS?

To collect data from the network and forward it to the analyzer (B)

What is the role of an Analyzer in an IDS?

To determine if an intrusion has occurred (B)

What type of input can a Sensor receive in an IDS?

Any part of a system that could contain evidence of an intrusion (D)

What is the purpose of the Reporting function in an IDS?

To generate conclusions and act on analysis results (B)

What is the primary difference between an IDS and a Firewall?

IDS detects attacks, while Firewalls prevent them (C)

What is the primary benefit of using an IDS in addition to a Firewall?

To add an additional layer of security (D)

What are the three logical components of an IDS?

Sensors, Analyzers, and Reporters (D)

What is the primary purpose of the output of an IDS component?

To indicate that an intrusion has occurred (D)

What is a key characteristic of an IDS's user interface?

It may be equivalent to a manager, director, or console component (B)

Which of the following is NOT a requirement for an IDS?

It must be able to predict future intrusions (D)

What is the primary purpose of an IDS's ability to resist subversion?

To ensure the IDS can monitor itself and detect modifications (B)

What is the consequence of an IDS's ability to provide graceful degradation of service?

If some components of the IDS stop working, the rest will be affected as little as possible (A)

What is a key benefit of an IDS's ability to adapt to changes in system and user behavior over time?

It can better respond to changing security threats (A)

What is a key requirement for an IDS in terms of its operation?

It must be able to run continually with minimal human supervision (A)

What is the primary purpose of an IDS's ability to be configured according to the security policies of the system being monitored?

To ensure the IDS is aligned with the system's security policies (B)