CYB236 Chapter 7: Intrusion Detection Systems

Play an AI-generated podcast conversation about this lesson

What is a consequence of an unattended workstation being used by an intruder?

Consumption of resources and slowed performance (correct)

Patch installation for known vulnerabilities

Enhanced security measures

Legitimate users being prevented from using a service

What is the primary motivation of hackers?

Political activism

Thrisk of access and/or status (correct)

Financial gain

Revenge against a company

What is the goal of a Denial of Service (DOS) attack?

To spread malware

To steal sensitive data

To prevent legitimate users of a service from using that service (correct)

To install backdoors

What is an intrusion defined as?

Any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource Signup and view all the answers

What is a Masquerader?

An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account Signup and view all the answers

What is an example of a malicious user using a fake IP address?

Address spoofing Signup and view all the answers

What is a Clandestine user?

An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection Signup and view all the answers

What is the purpose of an Intrusion Prevention System (IPS)?

To detect intrusions Signup and view all the answers

What is a Misfeasor?

A legitimate user who accesses data, programs, or resources for which such access is not authorized Signup and view all the answers

What is an example of a type of malicious software?

Virus Signup and view all the answers

What is a reason why an unsecured modem can be a security risk?

It can be used to access internal networks Signup and view all the answers

What is an Insider attack?

An attack by a person with authorized access to the system Signup and view all the answers

What is a Cracker?

Malicious software that attacks a system Signup and view all the answers

What is the term for organized groups of hackers?

Criminal hackers Signup and view all the answers

What is a type of Insider attack?

All of the above Signup and view all the answers

What is a common target of criminal hackers on e-commerce servers?

Credit card files Signup and view all the answers

What is a Hacker?

A person who attacks a system via communication links Signup and view all the answers

Why are insider attacks particularly challenging to detect and prevent?

Because employees have access and knowledge of systems Signup and view all the answers

What can be used to detect and prevent insider attacks?

IDS / IPS systems, enforcement of least privilege, monitoring of logs, and strong authentication Signup and view all the answers

What motivates insiders to carry out attacks?

Revenge or entitlement Signup and view all the answers

What should sensitive data be protected with?

Encryption Signup and view all the answers

What is a security incident where an intruder gains unauthorized access to a system?

Security intrusion Signup and view all the answers

What is a common characteristic of criminal hackers?

They act quickly once they penetrate a system Signup and view all the answers

Why are IDS / IPS systems less effective against criminal hackers?

They are less effective against targeted attacks Signup and view all the answers

What is the primary purpose of an Intrusion Detection System?

To detect and provide warnings of unauthorized access attempts Signup and view all the answers

What is the primary function of a Sensor in an IDS?

To collect data from the network and forward it to the analyzer Signup and view all the answers

What is the role of an Analyzer in an IDS?

To determine if an intrusion has occurred Signup and view all the answers

What type of input can a Sensor receive in an IDS?

Any part of a system that could contain evidence of an intrusion Signup and view all the answers

What is the purpose of the Reporting function in an IDS?

To generate conclusions and act on analysis results Signup and view all the answers

What is the primary difference between an IDS and a Firewall?

IDS detects attacks, while Firewalls prevent them Signup and view all the answers

What is the primary benefit of using an IDS in addition to a Firewall?

To add an additional layer of security Signup and view all the answers

What are the three logical components of an IDS?

Sensors, Analyzers, and Reporters Signup and view all the answers

What is the primary purpose of the output of an IDS component?

To indicate that an intrusion has occurred Signup and view all the answers

What is a key characteristic of an IDS's user interface?

It may be equivalent to a manager, director, or console component Signup and view all the answers

Which of the following is NOT a requirement for an IDS?

It must be able to predict future intrusions Signup and view all the answers

What is the primary purpose of an IDS's ability to resist subversion?

To ensure the IDS can monitor itself and detect modifications Signup and view all the answers

What is the consequence of an IDS's ability to provide graceful degradation of service?

If some components of the IDS stop working, the rest will be affected as little as possible Signup and view all the answers

What is a key benefit of an IDS's ability to adapt to changes in system and user behavior over time?

It can better respond to changing security threats Signup and view all the answers

What is a key requirement for an IDS in terms of its operation?

It must be able to run continually with minimal human supervision Signup and view all the answers

What is the primary purpose of an IDS's ability to be configured according to the security policies of the system being monitored?

To ensure the IDS is aligned with the system's security policies Signup and view all the answers