Intrusion Detection Systems (IDS) Classification

Questions and Answers

What is the primary definition of an intrusion?

• An attempt to compromise the integrity, confidentiality, or availability of a resource (correct)
• A penetration of a system's access controls
• An unauthorized access to a system
• A malicious software attack on a system

What is the term for an individual who is not authorized to use the computer and penetrates a system's access controls?

• Masquerader (correct)
• Misfeasor
• Clandestine user
• Insider

What is the term for a legitimate user who accesses data or programs for which they are not authorized?

• Insider
• Clandestine user
• Masquerader
• Misfeasor (correct)

What is the term for an individual who seizes supervisory control of a system to evade auditing and access controls?

Clandestine user (C)

What is the term for an individual who attacks a system via communication links, such as the Internet?

Hacker (B)

What is the term for malicious software that attacks a system, such as a Trojan horse or Virus?

MalWare (D)

What is an example of an intrusion attack?

All of the above (D)

What type of intruder is an individual who has authorized access to a system but misuses their privileges?

Misfeasor (D)

What is an example of a hacker's behavior motivated by thrill of access and/or status?

Accessing a system to gain prestige in the hacking community (A)

What is the primary goal of a Denial of Service (DOS) attack?

To prevent legitimate users of a service from using that service (C)

What is an example of an intruder's behavior?

Using an unsecured modem to access an internal network (A)

What is the purpose of an intrusion detection system (IDS)?

To detect and alert on potential security threats (A)

What is address spoofing?

A malicious user using a fake IP address to send malicious packets to a target (A)

What is an example of a buffer-overflow attack?

The 2000 Outlook Express vulnerability (B)

What is a major problem resulting from intruder activities?

Slowing down system performance for legitimate users (A)

What is a threat to computer systems today?

Organized groups of hackers (D)

What is the primary purpose of an Intrusion Detection System?

To monitor and analyze system events for potential security threats (D)

What is the role of a sensor in an Intrusion Detection System?

To collect and forward data to the analyzer (B)

What is the primary function of an analyzer in an Intrusion Detection System?

To determine if an intrusion has occurred (C)

What is the purpose of reporting in an Intrusion Detection System?

To generate conclusions and act on analysis results (B)

Why are firewalls not sufficient to detect all attacks?

Because they only protect against external attacks (D)

What is the main difference between a firewall and an Intrusion Detection System?

A firewall blocks traffic, while an IDS detects attacks (D)

What type of data can be input to a sensor in an Intrusion Detection System?

Any part of a system that could contain evidence of an intrusion (B)

What is the main goal of an Intrusion Detection System?

To detect and alert on potential security threats in real-time (B)

What is the primary function of the output of an Intrusion Detection System (IDS)?

To indicate that an intrusion has occurred (B)

What is the purpose of the user interface in an IDS?

To view output from the system or control its behavior (D)

What is a requirement for an IDS to be able to do?

Run continually with minimal human supervision (B)

What is meant by an IDS being 'fault tolerant'?

It can recover from system crashes and re-initializations (B)

What is a requirement for an IDS to resist?

Subversion (C)

Why must an IDS impose a minimal overhead on the system it is running on?

To prevent degradation of system performance (A)

What is meant by an IDS providing 'graceful degradation of service'?

If some components stop working, the rest are affected as little as possible (C)

What is a requirement for an IDS to be able to do in terms of configuration?

Be able to be configured according to the security policies of the system being monitored (D)

What is a key benefit of dynamic reconfiguration in Intrusion Detection Systems?

Faster response to threats without restart (A)

What is a limitation of traditional IDS response?

Inability to respond automatically (C)

What is the advantage of active response in IDS?

Automatic response to detected threats (D)

What is a challenge in investigating multiple alarm types?

Prioritizing which alarm to investigate (B)

What is a characteristic of signature detection in IDS?

Examining application, transport, and network layers (C)

What is the purpose of the analysis module in IDS?

To refine intrusion detection parameters and algorithms (D)

What is a benefit of anomaly detection in IDS?

Detection of Denial of Service attacks and worms (A)

What is the role of security administration in IDS?

Designing prevention techniques (A)