Intrusion Detection and Prevention Systems
23 Questions

Created by
@PrettyAnaphora

Questions and Answers

Intrusion ____________ system only monitors network traffic and reports security incidents or intrusions to the network administrator.

Detection

Intrusion ____________ system only monitors network traffic but may have the capability to take immediate action to stop the intrusion.

Prevention

A _________ is a type of attack on information assets in which an intruder tries to gain access to a network or system resources to perform unauthorized activities.

Intrusion

_________ is an authorized user who tries to access data, programs, or resources for which he/she is not authorized or may be authorized to access such resources but misuses his/her privileges.

Misfeasor

_______ is a user who somehow gains administrative controls and tries to act as a supervisor and uses his/her administrative privileges to evade security auditing and access control mechanisms.

Clandestine user

Masquerader is an individual who is likely to be an ______ to the private network.

Outsider

Misfeasor is an individual who is likely to be an _________ to the private network.

Insider

Clandestine user is an individual who is likely to be an ________ to the private network.

Insider and an outsider

______ can be considered as the first layer of defense against intruders in an Incident Response system.

Intrusion prevention

_________ specifies which security measures must be taken to deal with the security incident to minimize the loss and maximize the possibility of getting back to the normal state of operation.

Intrusion reaction

__________ finalizes the restoration process and documents all the relevant information about the security incident to ensure that the same intrusion cannot occur in the future.

Intrusion correction

__________ can be considered as the second layer of defense against intruders in an Incident Response system.

Intrusion detection

_________ activates once the intrusion is detected and reported to the network administrator.

Intrusion reaction

__________ transfers the control back to the Intrusion Prevention System once the intrusion has been resolved.

Intrusion correction

Once an intruder gains access to a system or network, what possible damages can be done?

Deface the web page/web server. Moreover, they can run a packet sniffer to collect all the usernames and passwords. Guessing passwords, copying database credit card numbers, viewing sensitive data like payroll information or medical information, running packet sniffer software to capture all usernames & passwords, defacing the web server.

When implemented as a part of an Incident Response System, what role does an Intrusion Prevention System play?

It can be considered as the number one layer of defense. IPS consists of information security policies and procedures and programs that are implemented to block an intruder from gaining access to the system.

When implemented as a part of an Incident Response System, what does the Intrusion Detection System (IDS) perform?

Identify the intrusion has occurred (i.e., security incident identification), classify what type of intrusion is that, report this security incident to the network administration so that appropriate security measures can be taken as a response.

The cryptographic algorithms can be classified into __________ algorithms and ________ algorithms.

Symmetric and Asymmetric

Symmetric key algorithm requires that both senders and receivers must share ________________.

Secret key

Asymmetric key algorithm uses ____ key(s) to perform encryption and decryption.

2

A symmetric key encryption algorithm takes ______ ________ and _______ _______ as input to produce ciphertext.

Plain text and secret key

A symmetric key encryption algorithm applies _____________ __________ on the ________ ___________ to produce _________ ___________.

Mathematical operations, plain text, cipher text

A symmetric key decryption algorithm takes ___________ as input and produces ____________ as output.

Cipher text, plain text

Study Notes

Intrusion Detection and Prevention Systems

  • Intrusion Detection System (IDS): Monitors network traffic and reports security incidents or intrusions to network administrators.
  • Intrusion Prevention System (IPS): Monitors traffic and may take immediate actions to stop intrusions.

Types of Intrusions

  • Intrusion: Unauthorized access attempt to a network or system for malicious activities.
  • Misfeasor: Authorized user misusing privileges to access unauthorized data or resources.
  • Clandestine User: Gained administrative control and evades security auditing.
  • Masquerader: Outsider attempting to access a private network.
  • Misfeasor: Insider misusing access privileges within a private network.
  • Clandestine User: Can be both insider and outsider with malicious intent.

Defense Mechanisms in Incident Response

  • First Layer of Defense: Intrusion prevention acts as a primary blocker against intrusions.
  • Second Layer of Defense: Intrusion detection identifies and reports security incidents.
  • Intrusion Reaction: Activated upon detection, facilitating initial response to intrusions.
  • Intrusion Correction: Finalizes restoration and documentation of incidents to prevent future occurrences.

Consequences of Intrusion

  • Potential damages include website defacement, password theft, database compromise, and exposure of sensitive information such as payroll and medical data.

Roles of Intrusion Systems

  • IPS Role: Acts as the first layer of defense, implementing security policies and procedures to prevent unauthorized access.
  • IDS Functions: Identifies the occurrence of an intrusion, classifies its type, and reports findings for further action.

Cryptographic Algorithms

  • Types of Cryptographic Algorithms: Classified into symmetric and asymmetric algorithms.
  • Symmetric Key Algorithm: Requires both sender and receiver to share a secret key for secure communication.
  • Asymmetric Key Algorithm: Utilizes two keys for encryption and decryption processes.

Encryption and Decryption Processes

  • Symmetric Key Encryption: Takes plain text and secret key as inputs to produce cipher text through mathematical operations.
  • Symmetric Key Decryption: Takes cipher text as input and retrieves plain text as output.

Description

Explore the functions and types of Intrusion Detection and Prevention Systems (IDS/IPS) in network security. Learn about various intrusion types such as misfeasors and masqueraders. This quiz covers defense mechanisms crucial for incident response in safeguarding networks.